CVE-2024-43901
Aug. 27, 2024, 2:38 p.m.
5.5
Medium
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
When users run the command:
cat /sys/kernel/debug/dri/0/amdgpu_dm_dtn_log
The following NULL pointer dereference happens:
[ +0.000003] BUG: kernel NULL pointer dereference, address: NULL
[ +0.000005] #PF: supervisor instruction fetch in kernel mode
[ +0.000002] #PF: error_code(0x0010) - not-present page
[ +0.000002] PGD 0 P4D 0
[ +0.000004] Oops: 0010 [#1] PREEMPT SMP NOPTI
[ +0.000003] RIP: 0010:0x0
[ +0.000008] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[...]
[ +0.000002] PKRU: 55555554
[ +0.000002] Call Trace:
[ +0.000002] <TASK>
[ +0.000003] ? show_regs+0x65/0x70
[ +0.000006] ? __die+0x24/0x70
[ +0.000004] ? page_fault_oops+0x160/0x470
[ +0.000006] ? do_user_addr_fault+0x2b5/0x690
[ +0.000003] ? prb_read_valid+0x1c/0x30
[ +0.000005] ? exc_page_fault+0x8c/0x1a0
[ +0.000005] ? asm_exc_page_fault+0x27/0x30
[ +0.000012] dcn10_log_color_state+0xf9/0x510 [amdgpu]
[ +0.000306] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000003] ? vsnprintf+0x2fb/0x600
[ +0.000009] dcn10_log_hw_state+0xfd0/0xfe0 [amdgpu]
[ +0.000218] ? __mod_memcg_lruvec_state+0xe8/0x170
[ +0.000008] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? debug_smp_processor_id+0x17/0x20
[ +0.000003] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? set_ptes.isra.0+0x2b/0x90
[ +0.000004] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? _raw_spin_unlock+0x19/0x40
[ +0.000004] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? do_anonymous_page+0x337/0x700
[ +0.000004] dtn_log_read+0x82/0x120 [amdgpu]
[ +0.000207] full_proxy_read+0x66/0x90
[ +0.000007] vfs_read+0xb0/0x340
[ +0.000005] ? __count_memcg_events+0x79/0xe0
[ +0.000002] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000003] ? count_memcg_events.constprop.0+0x1e/0x40
[ +0.000003] ? handle_mm_fault+0xb2/0x370
[ +0.000003] ksys_read+0x6b/0xf0
[ +0.000004] __x64_sys_read+0x19/0x20
[ +0.000003] do_syscall_64+0x60/0x130
[ +0.000004] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ +0.000003] RIP: 0033:0x7fdf32f147e2
[...]
This error happens when the color log tries to read the gamut remap
information from DCN401 which is not initialized in the dcn401_dpp_funcs
which leads to a null pointer dereference. This commit addresses this
issue by adding a proper guard to access the gamut_remap callback in
case the specific ASIC did not implement this function.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Linux |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-476
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| o | linux | linux_kernel | / | / | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: LOW
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Timeline
Published: Aug. 26, 2024, 11:15 a.m.
Last Modified: Aug. 27, 2024, 2:38 p.m.
Last Modified: Aug. 27, 2024, 2:38 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
416baaa9-dc9f-4396-8d5f-8c081fb06d67
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.