CVE-2024-36897

MEDIUM

Linux Kernel - Null Pointer Dereference in DRM AMD Display BIOS Parser

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DAL parses through the BIOS and extracts the necessary integrated_info but was missing a case for the new BIOS version 2.3.

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a

Patch

https://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c

Patch

https://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b

Patch

https://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0

Patch

https://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60

Scores

CVSS v3 5.5

EPSS 0.0023

EPSS Percentile 13.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (17)

linux/Kernel 4.15.0 - 5.15.159linux

linux/Kernel 5.16.0 - 6.1.91linux

linux/Kernel 6.2.0 - 6.6.31linux

linux/Kernel 6.7.0 - 6.8.10linux

Linux/Linux < 4.15

Linux/Linux 4.15

Linux/Linux 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c - 02f5300f6827206f6e48a77f51e6264993695e5c

Linux/Linux 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c - 3c7013a87124bab54216d9b99f77e8b6de6fbc1a

Linux/Linux 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c - 7e3030774431eb093165a31baff040d35446fb8b

Linux/Linux 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c - 9a35d205f466501dcfe5625ca313d944d0ac2d60

... and 7 more

Published May 30, 2024

Tracked Since Feb 18, 2026