medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-50117: drm/amd: Guard against bad data for ATIF ACPI method

First published: Tue Nov 05 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1)) ? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642) ? exc_page_fault (arch/x86/mm/fault.c:1542) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu ``` It has been encountered on at least one system, so guard for it. (cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=4.2<4.19.323
Linux Kernel>=4.20<5.4.285
Linux Kernel>=5.5<5.10.229
Linux Kernel>=5.11<5.15.170
Linux Kernel>=5.16<6.1.115
Linux Kernel>=6.2<6.6.59
Linux Kernel>=6.7<6.11.6
Linux Kernel=6.12-rc1
Linux Kernel=6.12-rc2
Linux Kernel=6.12-rc3
Linux Kernel=6.12-rc4
debian/linux<=5.10.223-1
5.10.234-1
6.1.129-1
6.1.128-1
6.12.20-1
6.12.21-1
debian/linux-6.1
6.1.129-1~deb11u1

Remedy

https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea760761f52ffe

Remedy

https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38

Remedy

https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d

Remedy

https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025

Remedy

https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f

Remedy

https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b

Remedy

https://git.kernel.org/stable/c/bf58f03931fdcf7b3c45cb76ac13244477a60f44

Remedy

https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-50117?

    CVE-2024-50117 has a high severity due to the potential NULL pointer dereference it causes.

  • How do I fix CVE-2024-50117?

    To fix CVE-2024-50117, update your Linux kernel to the latest version that addresses this vulnerability.

  • What systems are affected by CVE-2024-50117?

    CVE-2024-50117 affects multiple versions of the Linux kernel from 4.2 to 6.12-rc4.

  • What is the nature of CVE-2024-50117?

    CVE-2024-50117 is a vulnerability in the Linux kernel related to handling bad data from the ATIF ACPI method.

  • Can CVE-2024-50117 be exploited remotely?

    CVE-2024-50117 may be exploited if a BIOS provides malformed data, allowing local attackers to cause a crash.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203