CVE-2024-26649

drm/amdgpu: Fix the null pointer when load rlc firmware

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size,
the pointer to the rlc firmware is released in function
amdgpu_ucode_request. There will be a null pointer error
in subsequent use. So skip validation to fix it.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige el puntero nulo al cargar el firmware rlc. Si el firmware RLC no es válido debido a un tamaño de encabezado incorrecto, el puntero al firmware rlc se libera en la función amdgpu_ucode_request. Habrá un error de puntero nulo en el uso posterior. Así que omita la validación para solucionarlo.

A vulnerability was found in the drm/amdgpu driver of Linux Kernel, causing null pointer dereference when attempting to load RLC (Run-Length Coding) firmware. This issue arises if the firmware has an incorrect header size, causing premature release of the firmware pointer in amdgpu_ucode_request(), subsequently attempts to use the nullified pointer result in errors.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Multiple

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-03-26 CVE Published
2024-03-27 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/3da9b71563cbb7281875adab1d7c4132679da987	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8b5bacce2d13dbe648f0bfd3f738ecce8db4978c	2024-02-01
https://git.kernel.org/stable/c/d3887448486caeef9687fb5dfebd4ff91e0f25aa	2024-02-01
https://git.kernel.org/stable/c/bc03c02cc1991a066b23e69bbcc0f66e8f1f7453	2024-01-18

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26649	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2271796	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.6.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.7.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.8"		en		Affected