CVE-2024-49913
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream
This commit addresses a null pointer dereference issue in the
commit_planes_for_stream function at line 4140. The issue could occur
when top_pipe_to_program is null.
The fix adds a check to ensure top_pipe_to_program is not null before
accessing its stream_res. This prevents a null pointer dereference.
Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed 'top_pipe_to_program' could be null (see line 3906)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < 1ebfa6663807c144be8c8b6727375012409d2356 | affected |
| Linux | Linux | 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < 8ab59527852a6f7780aad6185729550ca0569122 | affected |
| Linux | Linux | 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < 40193ff73630adf76bc0d82398f7d90fb576dba4 | affected |
| Linux | Linux | 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < e47e563c6f0db7d792a559301862c19ead0dfc2f | affected |
| Linux | Linux | 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < 3929e382e4758aff42da0102a60d13337c99d3b8 | affected |
| Linux | Linux | 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < 73efd2a611b62fee71a7b7f27d9d08bb60da8a72 | affected |
| Linux | Linux | 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c < 66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad | affected |
| Linux | Linux | 4.15 | affected |
| Linux | Linux | 0 < 4.15 | unaffected |
| Linux | Linux | 5.10.227 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.168 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.113 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.55 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.14 <= 6.10.* | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
References
- https://git.kernel.org/stable/c/1ebfa6663807c144be8c8b6727375012409d2356
- https://git.kernel.org/stable/c/8ab59527852a6f7780aad6185729550ca0569122
- https://git.kernel.org/stable/c/40193ff73630adf76bc0d82398f7d90fb576dba4
- https://git.kernel.org/stable/c/e47e563c6f0db7d792a559301862c19ead0dfc2f
- https://git.kernel.org/stable/c/3929e382e4758aff42da0102a60d13337c99d3b8
- https://git.kernel.org/stable/c/73efd2a611b62fee71a7b7f27d9d08bb60da8a72
- https://git.kernel.org/stable/c/66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.