CVE-2024-50117

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1)) ? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642) ? exc_page_fault (arch/x86/mm/fault.c:1542) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu ``` It has been encountered on at least one system, so guard for it. (cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea760761f52ffe	Patch
https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38	Patch
https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d	Patch
https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025	Patch
https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f	Patch
https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b	Patch
https://git.kernel.org/stable/c/bf58f03931fdcf7b3c45cb76ac13244477a60f44	Patch
https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::

History

08 Nov 2024, 17:53

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea760761f52ffe -~~	() https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea760761f52ffe - Patch
References	~~() https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38 -~~	() https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38 - Patch
References	~~() https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d -~~	() https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d - Patch
References	~~() https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025 -~~	() https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025 - Patch
References	~~() https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f -~~	() https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f - Patch
References	~~() https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b -~~	() https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b - Patch
References	~~() https://git.kernel.org/stable/c/bf58f03931fdcf7b3c45cb76ac13244477a60f44 -~~	() https://git.kernel.org/stable/c/bf58f03931fdcf7b3c45cb76ac13244477a60f44 - Patch
References	~~() https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3 -~~	() https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3 - Patch
First Time		Linux linux Kernel Linux
CWE		CWE-476
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.12:rc3:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::

08 Nov 2024, 16:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38 - () https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d - () https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025 -

06 Nov 2024, 18:17

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd: Protección contra datos erróneos para el método ACPI de ATIF Si un BIOS proporciona datos erróneos en respuesta a una llamada al método ATIF, esto provoca una desreferencia de puntero NULL en el llamador. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminador 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminador 2) arch/x86/mm/fault.c:705 (discriminador 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminador 1) arch/x86/mm/fault.c:1232 (discriminador 1)) ? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642) ? exc_page_fault (arch/x86/mm/fault.c:1542) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminador 2)) amdgpu ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminador 1)) amdgpu ``` Se ha detectado en al menos un sistema, por lo que debe tener cuidado. (seleccionado de la confirmación c9b7c809b89f24e9372a4e7f02d64c950b07fdee)

05 Nov 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-05 18:15

Updated : 2024-11-08 17:53

NVD link : CVE-2024-50117

Mitre link : CVE-2024-50117

CVE.ORG link : CVE-2024-50117

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10