CVE-2024-27040 Vulnerability Details

  /     /     /  

CVE-2024-27040 Metadata Quick Info

CVE Published: 01/05/2024 | CVE Updated: 07/11/2024 | CVE Year: 2024
Source: Linux | Vendor: Linux | Product: Linux
Status : PUBLISHED

CVE-2024-27040 Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add \'replay\' NULL check in \'edp_set_replay_allow_active()\' In the first if statement, we\'re checking if \'replay\' is NULL. But in the second if statement, we\'re not checking if \'replay\' is NULL again before calling replay->funcs->replay_set_power_opt(). if (replay == NULL && force_static) return false; ... if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); link->replay_settings.replay_power_opt_active = *power_opts; } If \'replay\' is NULL, this will cause a null pointer dereference. Fixes the below found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed \'replay\' could be null (see line 887)

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name:
Source: Linux

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: