CVE-2024-50156

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()

If the allocation in msm_disp_state_dump_regs() failed then block->state can be NULL. The msm_disp_state_print_regs() function does have code to try to handle it with:

if (*reg) dump_addr = *reg;

…but since "dump_addr" is initialized to NULL the above is actually a noop. The code then goes on to dereference dump_addr.

Make the function print "Registers not stored" when it sees a NULL to solve this. Since we're touching the code, fix msm_disp_state_print_regs() not to pointlessly take a double-pointer and properly mark the pointer as const.

Patchwork: https://patchwork.freedesktop.org/patch/619657/

Affected Software

VendorProductVersion RangeStatus
LinuxLinux98659487b845c05b6bed85d881713545db674c7c < 42cf045086feae77b212f0f66e742b91a5b566b7affected
LinuxLinux98659487b845c05b6bed85d881713545db674c7c < e8e9f2a12a6214080c8ea83220a596f6e1dedc6caffected
LinuxLinux98659487b845c05b6bed85d881713545db674c7c < f7ad916273483748582d97cfa31054ccb19224f3affected
LinuxLinux98659487b845c05b6bed85d881713545db674c7c < 563aa81fd66a4e7e6e551a0e02bcc23957cafe2faffected
LinuxLinux98659487b845c05b6bed85d881713545db674c7c < 293f53263266bc4340d777268ab4328a97f041faaffected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.170 <= 5.15.*unaffected
LinuxLinux6.1.115 <= 6.1.*unaffected
LinuxLinux6.6.59 <= 6.6.*unaffected
LinuxLinux6.11.6 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References