CVE-2024-27041

MEDIUM

Linux Kernel 5.14-6.8.1 - NULL Pointer Dereference in amdgpu_dm_fini()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there. Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in 'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy(). Clean up by combining them all under one 'if'. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/e040f1fbe9abae91b12b074cfc3bbb5367b79811

Patch

https://git.kernel.org/stable/c/ca2eb375db76fd50f31afdd67d6ca4f833254957

Patch

https://git.kernel.org/stable/c/1c62697e4086de988b31124fb8c79c244ea05f2b

Patch

https://git.kernel.org/stable/c/2a3cfb9a24a28da9cc13d2c525a76548865e182c

Scores

CVSS v3 5.5

EPSS 0.0027

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (14)

linux/Kernel 5.14.0 - 6.6.23linux

linux/Kernel 6.7.0 - 6.7.11linux

linux/Kernel 6.8.0 - 6.8.2linux

Linux/Linux < 5.14

Linux/Linux 5.14

Linux/Linux 6.6.23 - 6.6.*

Linux/Linux 6.7.11 - 6.7.*

Linux/Linux 6.8.2 - 6.8.*

Linux/Linux 6.9

Linux/Linux 81927e2808be5adace93c2012d45d6938d3a7aa0 - 1c62697e4086de988b31124fb8c79c244ea05f2b

... and 4 more

Published May 01, 2024

Tracked Since Feb 18, 2026