// For flags

CVE-2024-27040

drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'

Severity Score

4.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'

In the first if statement, we're checking if 'replay' is NULL. But in
the second if statement, we're not checking if 'replay' is NULL again
before calling replay->funcs->replay_set_power_opt().

if (replay == NULL && force_static)
return false;

...

if (link->replay_settings.replay_feature_enabled &&
replay->funcs->replay_set_power_opt) {
replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst);
link->replay_settings.replay_power_opt_active = *power_opts;
}

If 'replay' is NULL, this will cause a null pointer dereference.

Fixes the below found by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed 'replay' could be null (see line 887)

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: agregue la verificación NULL 'replay' en 'edp_set_replay_allow_active()' En la primera declaración if, estamos verificando si 'replay' es NULL. Pero en la segunda declaración if, no estamos verificando si 'replay' es NULL nuevamente antes de llamar a replay->funcs->replay_set_power_opt(). si (repetición == NULL && force_static) devuelve falso; ... if (enlace->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); enlace->replay_settings.replay_power_opt_active = *power_opts; } Si 'repetición' es NULL, esto provocará una desreferencia del puntero nulo. Corrige el siguiente error encontrado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active(): previamente asumimos que 'repetir' podría ser nulo (ver línea 887)

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-05-01 CVE Published
  • 2024-05-02 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.6 < 6.6.23
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.23"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.6 < 6.7.11
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.7.11"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.6 < 6.8.2
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.8.2"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.6 < 6.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.9"
en
Affected