CVE-2024-26649

MEDIUM5.5

drm/amdgpu: Fix the null pointer when load rlc firmware

Published Mar 26, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix the null pointer when load rlc firmware

If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it.

References

WEBhttps://git.kernel.org/stable/c/8b5bacce2d13dbe648f0bfd3f738ecce8db4978c WEBhttps://git.kernel.org/stable/c/bc03c02cc1991a066b23e69bbcc0f66e8f1f7453 WEBhttps://git.kernel.org/stable/c/d3887448486caeef9687fb5dfebd4ff91e0f25aa ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-26649

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMar 26, 2024

ModifiedMay 4, 2025