CVE-2024-53060: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
First published: Tue Nov 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unrealistic for the current code, it is still better to protect against possible bugs. Bail out also when status is AE_NOT_FOUND. This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null pointer dereferences (FORWARD_NULL) (cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1)
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <4.19.324 | |
| Linux Kernel | >=4.20<5.4.286 | |
| Linux Kernel | >=5.5<5.10.230 | |
| Linux Kernel | >=5.11<5.15.172 | |
| Linux Kernel | >=5.16<6.1.117 | |
| Linux Kernel | >=6.2<6.6.61 | |
| Linux Kernel | >=6.7<6.11.8 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 | |
| Linux Kernel | =6.12-rc6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/ce8a00a00e36f61f5a1e47734332420b68784c43
- https://git.kernel.org/stable/c/8d7a28eca7553d35d4ce192fa1f390f2357df41b
- https://git.kernel.org/stable/c/2ac7f253deada4d449559b65a1c1cd0a6f6f19b7
- https://git.kernel.org/stable/c/27fc29b5376998c126c85cf9b15d9dfc2afc9cbe
- https://git.kernel.org/stable/c/1a9f55ed5b512f510ccd21ad527d532e60550e80
- https://git.kernel.org/stable/c/a613a392417532ca5aaf3deac6e3277aa7aaef2b
- https://git.kernel.org/stable/c/b9d9881237afeb52eddd70077b7174bf17e2fa30
Frequently Asked Questions
What is the severity of CVE-2024-53060?
CVE-2024-53060 is classified as a vulnerability that can lead to a NULL pointer dereference in the Linux kernel.
How does CVE-2024-53060 affect the Linux kernel?
CVE-2024-53060 can cause the system to dereference a NULL pointer when ATIF is not supported, leading to potential system crashes.
How do I fix CVE-2024-53060?
To fix CVE-2024-53060, update your Linux kernel to the latest stable version that addresses this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-53060?
CVE-2024-53060 affects Linux kernel versions from 4.20 up to and including 6.12-rc6.
Is there a workaround for CVE-2024-53060 if I cannot update the kernel immediately?
There is no documented workaround for CVE-2024-53060; the recommended action is to update to a patched version of the Linux kernel.
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5
- version/linux kernel/6.12-rc6