CVE-2024-43903

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update This commit adds a null check for the 'afb' variable in the amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was assumed to be null, but was used later in the code without a null check. This could potentially lead to a null pointer dereference. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc	Patch
https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff	Patch
https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04	Patch
https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

27 Aug 2024, 13:39

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc -~~	() https://git.kernel.org/stable/c/31a679a880102dee6e10985a7b1789af8dc328cc - Patch
References	~~() https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff -~~	() https://git.kernel.org/stable/c/38e6f715b02b572f74677eb2f29d3b4bc6f1ddff - Patch
References	~~() https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04 -~~	() https://git.kernel.org/stable/c/94220b35aeba2b68da81deeefbb784d94eeb5c04 - Patch
References	~~() https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35 -~~	() https://git.kernel.org/stable/c/ce5d090af683137cb779ed7e3683839f9c778b35 - Patch
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: agregue una verificación NULL para 'afb' antes de eliminar la referencia en amdgpu_dm_plane_handle_cursor_update. Esta confirmación agrega una verificación nula para la variable 'afb' en la función amdgpu_dm_plane_handle_cursor_update. Anteriormente, se suponía que 'afb' era nulo, pero se usó más adelante en el código sin una verificación de nulo. Potencialmente, esto podría conducir a una desreferencia del puntero nulo. Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 error amdgpu_dm_plane_handle_cursor_update(): anteriormente asumimos que 'afb' podría ser nulo (consulte la línea 1252)
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel
CWE		CWE-476
CPE		cpe:2.3:o:linux:linux_kernel::::::::

26 Aug 2024, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-26 11:15

Updated : 2024-08-27 13:39

NVD link : CVE-2024-43903

Mitre link : CVE-2024-43903

CVE.ORG link : CVE-2024-43903

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10