CVE-2024-38548: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
First published: Wed Jun 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.10<5.10.219 | |
| Linux Kernel | >=5.11<5.15.161 | |
| Linux Kernel | >=5.16<6.1.93 | |
| Linux Kernel | >=6.2<6.6.33 | |
| Linux Kernel | >=6.7<6.8.12 | |
| Linux Kernel | >=6.9<6.9.3 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 6.12.22-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/32fb2ef124c3301656ac6c789a2ef35ef69a66da
- https://git.kernel.org/stable/c/47889711da20be9b43e1e136e5cb68df37cbcc79
- https://git.kernel.org/stable/c/85d1a27402f81f2e04b0e67d20f749c2a14edbb3
- https://git.kernel.org/stable/c/89788cd9824c28ffcdea40232c458233353d1896
- https://git.kernel.org/stable/c/935a92a1c400285545198ca2800a4c6c519c650a
- https://git.kernel.org/stable/c/ca53b7efd4ba6ae92fd2b3085cb099c745e96965
- https://git.kernel.org/stable/c/dcf53e6103b26e7458be71491d0641f49fbd5840
- https://launchpad.net/bugs/cve/CVE-2024-38548
- https://git.kernel.org/linus/935a92a1c400285545198ca2800a4c6c519c650a
- https://security-tracker.debian.org/tracker/CVE-2024-38548
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38548
- https://nvd.nist.gov/vuln/detail/CVE-2024-38548
- https://ubuntu.com/security/CVE-2024-38548
Frequently Asked Questions
What is the severity of CVE-2024-38548?
CVE-2024-38548 has been classified as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2024-38548?
To fix CVE-2024-38548, update to one of the following patched kernel versions: 5.10.223-1, 5.10.234-1, 6.1.123-1, 6.1.128-1, 6.12.12-1, or 6.12.17-1.
Which Linux kernel version is vulnerable to CVE-2024-38548?
CVE-2024-38548 affects specific versions of the Linux kernel prior to the patched releases listed in the remediation.
What does CVE-2024-38548 affect in the Linux kernel?
CVE-2024-38548 affects the Direct Rendering Manager (DRM) subsystem related to the cdns-mhdp8546 driver.
Is CVE-2024-38548 a potential security risk?
Yes, CVE-2024-38548 could lead to a null pointer dereference, which may affect the stability and security of affected systems.
- agent/title
- agent/type
- agent/weakness
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/references
- agent/severity
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- collector/usn-cve
- source/Ubuntu
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.10
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.9