CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer

This commit addresses a potential null pointer dereference issue in the
`dcn201_acquire_free_pipe_for_layer` function. The issue could occur
when `head_pipe` is null.

The fix adds a check to ensure `head_pipe` is not null before asserting
it. If `head_pipe` is null, the function returns NULL to prevent a
potential null pointer dereference.

Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn201/dcn201_resource.c:1016 dcn201_acquire_free_pipe_for_layer() error: we previously assumed 'head_pipe' could be null (see line 1010)

Classification

CVE ID: CVE-2024-49919

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 8.18% (scored less or equal to compared to others)

EPSS Date: 2025-03-22 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-49919
https://git.kernel.org/stable/c/16ce8fd94da8599bb6f0496895d392a69aead1c0
https://git.kernel.org/stable/c/390d757621f5f35d11a63ed7d9d3262ead240064
https://git.kernel.org/stable/c/8a1b1655a490a492a5a6987254c935ecce4eb9de
https://git.kernel.org/stable/c/f22f4754aaa47d8c59f166ba3042182859e5dff7

Timeline

2025-02-21 14:40:10 UTC
CVE

drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer
2025-03-06 09:45:29 UTC
Tenable Plugins

Linux Distros Unpatched Vulnerability : CVE-2024-49919