CVE-2024-50156: drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
First published: Thu Nov 07 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() If the allocation in msm_disp_state_dump_regs() failed then `block->state` can be NULL. The msm_disp_state_print_regs() function _does_ have code to try to handle it with: if (*reg) dump_addr = *reg; ...but since "dump_addr" is initialized to NULL the above is actually a noop. The code then goes on to dereference `dump_addr`. Make the function print "Registers not stored" when it sees a NULL to solve this. Since we're touching the code, fix msm_disp_state_print_regs() not to pointlessly take a double-pointer and properly mark the pointer as `const`. Patchwork: https://patchwork.freedesktop.org/patch/619657/
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.14<5.15.170 | |
| Linux Kernel | >=5.16<6.1.115 | |
| Linux Kernel | >=6.2<6.6.59 | |
| Linux Kernel | >=6.7<6.11.6 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/42cf045086feae77b212f0f66e742b91a5b566b7
- https://git.kernel.org/stable/c/e8e9f2a12a6214080c8ea83220a596f6e1dedc6c
- https://git.kernel.org/stable/c/f7ad916273483748582d97cfa31054ccb19224f3
- https://git.kernel.org/stable/c/563aa81fd66a4e7e6e551a0e02bcc23957cafe2f
- https://git.kernel.org/stable/c/293f53263266bc4340d777268ab4328a97f041fa
Frequently Asked Questions
What is the severity of CVE-2024-50156?
CVE-2024-50156 has been classified with a severity that indicates a potential risk of a NULL dereference vulnerability.
How do I fix CVE-2024-50156?
To address CVE-2024-50156, ensure your Linux kernel is updated to a version that includes the patch resolving this vulnerability.
Which versions are affected by CVE-2024-50156?
CVE-2024-50156 affects various Linux kernel versions, specifically those between 5.14 and 5.15.170, 5.16 and 6.1.115, and 6.2 to 6.6.59, among others.
What systems are impacted by CVE-2024-50156?
CVE-2024-50156 impacts systems running the affected versions of the Linux kernel.
What is the nature of the vulnerability in CVE-2024-50156?
CVE-2024-50156 involves a NULL dereference in the msm_disp_state_print_regs() function, which can occur if allocation fails.
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/remedy
- agent/severity
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.14
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3