CVE-2024-42310: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

5.5 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate()
is assigned to mode, which will lead to a NULL pointer dereference on
failure of drm_mode_duplicate(). Add a check to avoid npd.

Classification

CVE ID: CVE-2024-42310

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 22.77% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-02 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-42310
https://git.kernel.org/stable/c/f392c36cebf4c1d6997a4cc2c0f205254acef42a
https://git.kernel.org/stable/c/a658ae2173ab74667c009e2550455e6de5b33ddc
https://git.kernel.org/stable/c/b6ac46a00188cde50ffba233e6efb366354a1de5
https://git.kernel.org/stable/c/08f45102c81ad8bc9f85f7a25e9f64e128edb87d
https://git.kernel.org/stable/c/e74eb5e8089427c8c49e0dd5067e5f39ce3a4d56
https://git.kernel.org/stable/c/2d209b2f862f6b8bff549ede541590a8d119da23
https://git.kernel.org/stable/c/977ee4fe895e1729cd36cc26916bbb10084713d6
https://git.kernel.org/stable/c/cb520c3f366c77e8d69e4e2e2781a8ce48d98e79

Timeline