CVE-2023-52773

drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()

When ddc_service_construct() is called, it explicitly checks both the
link type and whether there is something on the link which will
dictate whether the pin is marked as hw_supported.

If the pin isn't set or the link is not set (such as from
unloading/reloading amdgpu in an IGT test) then fail the
amdgpu_dm_i2c_xfer() call.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corrige una desreferencia de puntero NULL en amdgpu_dm_i2c_xfer(). Cuando se llama a ddc_service_construct(), comprueba explícitamente tanto el tipo de enlace como si hay algo en el enlace que dictará si el pin está marcado como hw_supported. Si el pin no está configurado o el enlace no está configurado (por ejemplo, al descargar/recargar amdgpu en una prueba de IGT), falle la llamada amdgpu_dm_i2c_xfer().

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-21 CVE Reserved
2024-05-21 CVE Published
2024-05-24 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/22676bc500c27d987a0b42cbe162aebf783f1c38	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/fb5c134ca589fe670430acc9e7ebf2691ca2476d	2023-11-28
https://git.kernel.org/stable/c/5b14cf37b9f01de0b28c6f8960019d4c7883ce42	2023-11-28
https://git.kernel.org/stable/c/1d07b7e84276777dad3c8cfebdf8e739606f90c9	2023-11-28
https://git.kernel.org/stable/c/b71f4ade1b8900d30c661d6c27f87c35214c398c	2023-11-17

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.5.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.7"		en		Affected