medium
5.5
CWE
476
EPSS
0.030%
Advisory Published
Updated

CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream

First published: Mon Oct 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream This commit addresses a null pointer dereference issue in the `commit_planes_for_stream` function at line 4140. The issue could occur when `top_pipe_to_program` is null. The fix adds a check to ensure `top_pipe_to_program` is not null before accessing its stream_res. This prevents a null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed 'top_pipe_to_program' could be null (see line 3906)

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux kernel<5.10.227
Linux kernel>=5.11<5.15.168
Linux kernel>=5.16<6.1.113
Linux kernel>=6.2<6.6.55
Linux kernel>=6.7<6.10.14
Linux kernel>=6.11<6.11.3
Linux Kernel<5.10.227
Linux Kernel>=5.11<5.15.168
Linux Kernel>=5.16<6.1.113
Linux Kernel>=6.2<6.6.55
Linux Kernel>=6.7<6.10.14
Linux Kernel>=6.11<6.11.3
debian/linux<=5.10.223-1
5.10.234-1
6.1.129-1
6.1.135-1
6.12.25-1
6.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1

Remedy

https://git.kernel.org/stable/c/1ebfa6663807c144be8c8b6727375012409d2356

Remedy

https://git.kernel.org/stable/c/3929e382e4758aff42da0102a60d13337c99d3b8

Remedy

https://git.kernel.org/stable/c/40193ff73630adf76bc0d82398f7d90fb576dba4

Remedy

https://git.kernel.org/stable/c/66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad

Remedy

https://git.kernel.org/stable/c/73efd2a611b62fee71a7b7f27d9d08bb60da8a72

Remedy

https://git.kernel.org/stable/c/8ab59527852a6f7780aad6185729550ca0569122

Remedy

https://git.kernel.org/stable/c/e47e563c6f0db7d792a559301862c19ead0dfc2f

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-49913?

    CVE-2024-49913 is classified as a moderate severity vulnerability due to the potential for a null pointer dereference in the Linux kernel.

  • How do I fix CVE-2024-49913?

    To remediate CVE-2024-49913, update the Linux kernel to a fixed version, specifically to one greater than 5.10.227, or apply the patches provided in the associated security updates.

  • Which Linux kernel versions are affected by CVE-2024-49913?

    CVE-2024-49913 affects multiple Linux kernel versions, specifically from 5.10.0 up to but not including 5.10.227, 5.11 up to 5.15.168, 5.16 up to 6.1.113, 6.2 up to 6.6.55, 6.7 up to 6.10.14, and 6.11.0 up to 6.11.3.

  • What is the impact of CVE-2024-49913?

    The impact of CVE-2024-49913 is primarily the potential for a denial of service due to a null pointer dereference.

  • Is there an official patch for CVE-2024-49913?

    Yes, there are official patches available for CVE-2024-49913 which are included in the latest updates of the affected Linux kernel versions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203