CVE-2024-44955

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-44955
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute [Why] When unplug one of monitors connected after mst hub, encounter null pointer dereference. It's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When commit new state which directly referring to info stored in dc_sink will cause null pointer dereference. [how] Remove redundant checking condition. Relevant condition should already be covered by checking if dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263 Patch
https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
History

10 Oct 2024, 17:57

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263 - () https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263 - Patch
References () https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4 - () https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4 - Patch
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE CWE-476
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux

05 Sep 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: No hacer referencia a dc_sink en is_dsc_need_re_compute [Por qué] Cuando se desconecta uno de los monitores conectados después del concentrador mst, se produce una desreferencia de puntero nulo. Esto se debe a que dc_sink se libera inmediatamente en early_unregister() o detect_ctx(). Cuando se confirma un nuevo estado que hace referencia directa a la información almacenada en dc_sink, se producirá una desreferencia de puntero nulo. [Cómo] Eliminar la condición de comprobación redundante. La condición relevante ya debería estar cubierta comprobando si dsc_aux es nulo o no. También se restablece dsc_aux a NULL cuando se desconecta el conector.

04 Sep 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-04 19:15

Updated : 2024-10-10 17:57

NVD link : CVE-2024-44955

Mitre link : CVE-2024-44955

CVE.ORG link : CVE-2024-44955

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024