CVE-2024-46694: drm/amd/display: avoid using null object of framebuffer

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: avoid using null object of framebuffer

Instead of using state->fb->obj[0] directly, get object from framebuffer
by calling drm_gem_fb_get_obj() and return error code when object is
null to avoid using null object of framebuffer.

(cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3)

Classification

CVE ID: CVE-2024-46694

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 14.64% (scored less or equal to compared to others)

EPSS Date: 2025-05-05 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-46694
https://git.kernel.org/stable/c/093ee72ed35c2338c87c26b6ba6f0b7789c9e14e
https://git.kernel.org/stable/c/f6f5e39a3fe7cbdba190f42b28b40bdff03c8cf0
https://git.kernel.org/stable/c/49e1b214f3239b78967c6ddb8f8ec47ae047b051
https://git.kernel.org/stable/c/3b9a33235c773c7a3768060cf1d2cf8a9153bc37

Timeline

2025-05-04 10:40:18 UTC
CVE

drm/amd/display: avoid using null object of framebuffer