CVE-2024-26649

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix the null pointer when load rlc firmware

If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3da9b71563cbb7281875adab1d7c4132679da987 < 8b5bacce2d13dbe648f0bfd3f738ecce8db4978caffected
LinuxLinux3da9b71563cbb7281875adab1d7c4132679da987 < d3887448486caeef9687fb5dfebd4ff91e0f25aaaffected
LinuxLinux3da9b71563cbb7281875adab1d7c4132679da987 < bc03c02cc1991a066b23e69bbcc0f66e8f1f7453affected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux6.6.15 <= 6.6.*unaffected
LinuxLinux6.7.3 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References