CVE-2024-38548

drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is
assigned to mhdp_state->current_mode, and there is a dereference of it in
drm_mode_set_name(), which will lead to a NULL pointer dereference on
failure of drm_mode_duplicate().

Fix this bug add a check of mhdp_state->current_mode.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: bridge: cdns-mhdp8546: corrige posible desreferencia del puntero nulo En cdns_mhdp_atomic_enable(), el valor de retorno de drm_mode_duplicate() se asigna a mhdp_state->current_mode, y hay una desreferencia de él en drm_mode_set_name(), lo que conducirá a una desreferencia del puntero NULL en caso de falla de drm_mode_duplicate(). Solucione este error y agregue una verificación de mhdp_state->current_mode.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-18 CVE Reserved
2024-06-19 CVE Published
2024-06-20 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/85d1a27402f81f2e04b0e67d20f749c2a14edbb3	2024-06-16
https://git.kernel.org/stable/c/89788cd9824c28ffcdea40232c458233353d1896	2024-06-16
https://git.kernel.org/stable/c/ca53b7efd4ba6ae92fd2b3085cb099c745e96965	2024-06-12
https://git.kernel.org/stable/c/dcf53e6103b26e7458be71491d0641f49fbd5840	2024-06-12
https://git.kernel.org/stable/c/32fb2ef124c3301656ac6c789a2ef35ef69a66da	2024-05-30
https://git.kernel.org/stable/c/47889711da20be9b43e1e136e5cb68df37cbcc79	2024-05-30
https://git.kernel.org/stable/c/935a92a1c400285545198ca2800a4c6c519c650a	2024-04-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.10.219 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.10.219"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.15.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.15.161"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.1.93"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.6.33"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.8.12"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.9.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 6.10"		en		Affected