CVE-2024-43901

Source
https://cve.org/CVERecord?id=CVE-2024-43901
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43901.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-43901
Published
2024-08-26T10:11:00.255Z
Modified
2026-04-02T12:18:29.001606Z
Summary
drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401

When users run the command:

cat /sys/kernel/debug/dri/0/amdgpu_dm_dtn_log

The following NULL pointer dereference happens:

[ +0.000003] BUG: kernel NULL pointer dereference, address: NULL
[ +0.000005] #PF: supervisor instruction fetch in kernel mode
[ +0.000002] #PF: error_code(0x0010) - not-present page
[ +0.000002] PGD 0 P4D 0
[ +0.000004] Oops: 0010 [#1] PREEMPT SMP NOPTI
[ +0.000003] RIP: 0010:0x0
[ +0.000008] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[...]
[ +0.000002] PKRU: 55555554
[ +0.000002] Call Trace:
[ +0.000002] <TASK>
[ +0.000003] ? show_regs+0x65/0x70
[ +0.000006] ? __die+0x24/0x70
[ +0.000004] ? page_fault_oops+0x160/0x470
[ +0.000006] ? do_user_addr_fault+0x2b5/0x690
[ +0.000003] ? prb_read_valid+0x1c/0x30
[ +0.000005] ? exc_page_fault+0x8c/0x1a0
[ +0.000005] ? asm_exc_page_fault+0x27/0x30
[ +0.000012] dcn10_log_color_state+0xf9/0x510 [amdgpu]
[ +0.000306] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000003] ? vsnprintf+0x2fb/0x600
[ +0.000009] dcn10_log_hw_state+0xfd0/0xfe0 [amdgpu]
[ +0.000218] ? __mod_memcg_lruvec_state+0xe8/0x170
[ +0.000008] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? debug_smp_processor_id+0x17/0x20
[ +0.000003] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? set_ptes.isra.0+0x2b/0x90
[ +0.000004] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? _raw_spin_unlock+0x19/0x40
[ +0.000004] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000002] ? do_anonymous_page+0x337/0x700
[ +0.000004] dtn_log_read+0x82/0x120 [amdgpu]
[ +0.000207] full_proxy_read+0x66/0x90
[ +0.000007] vfs_read+0xb0/0x340
[ +0.000005] ? __count_memcg_events+0x79/0xe0
[ +0.000002] ? srso_alias_return_thunk+0x5/0xfbef5
[ +0.000003] ? count_memcg_events.constprop.0+0x1e/0x40
[ +0.000003] ? handle_mm_fault+0xb2/0x370
[ +0.000003] ksys_read+0x6b/0xf0
[ +0.000004] __x64_sys_read+0x19/0x20
[ +0.000003] do_syscall_64+0x60/0x130
[ +0.000004] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ +0.000003] RIP: 0033:0x7fdf32f147e2
[...]

This error happens when the color log tries to read the gamut remap information from DCN401, which is not initialized in the dcn401_dpp_funcs, which leads to a null pointer dereference. This commit addresses this issue by adding a proper guard to access the gamut_remap callback in case the specific ASIC did not implement this function.
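
A minimal userspace C model of the bug class described above, added here as an illustration; it is not the kernel patch or amdgpu code. The struct, field, function and table names are hypothetical, and the register value is constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical, simplified model of a per-ASIC callback table. */
struct gamut_remap { int mode; };
struct dpp;
struct dpp_funcs {
    /* Optional hook: a newer ASIC's table may leave it NULL. */
    void (*get_gamut_remap)(struct dpp *dpp, struct gamut_remap *out);
};
struct dpp {
    const struct dpp_funcs *funcs;
    int hw_mode;                     /* constructed sample register value */
};

static void read_gamut_remap(struct dpp *dpp, struct gamut_remap *out)
{
    out->mode = dpp->hw_mode;
}

/* One table implements the hook; the other never initializes it. */
static const struct dpp_funcs asic_a_funcs = { .get_gamut_remap = read_gamut_remap };
static const struct dpp_funcs asic_b_funcs = { .get_gamut_remap = NULL };

/*
 * Debug-log helper. An unguarded dpp->funcs->get_gamut_remap(dpp, &s) on
 * asic_b_funcs would jump to address 0, the "RIP: 0010:0x0" in the oops.
 * Returns the number of characters written, or -1 on a bad argument.
 */
int log_color_state(struct dpp *dpp, char *buf, size_t len)
{
    struct gamut_remap s = { 0 };

    if (!dpp || !dpp->funcs || !buf || len == 0)
        return -1;
    if (!dpp->funcs->get_gamut_remap)          /* the guard */
        return snprintf(buf, len, "gamut_remap: not implemented\n");
    dpp->funcs->get_gamut_remap(dpp, &s);
    return snprintf(buf, len, "gamut_remap: mode=%d\n", s.mode);
}

int main(void)
{
    char buf[64];
    struct dpp a = { &asic_a_funcs, 3 }, b = { &asic_b_funcs, 3 };

    if (log_color_state(&a, buf, sizeof buf) > 0) fputs(buf, stdout);
    if (log_color_state(&b, buf, sizeof buf) > 0) fputs(buf, stdout);
    return 0;
}
```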

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43901.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c
Fixed
1e68b7ce6bc6073579fe8713ec6b85aa9cd2e351
Fixed
5af757124792817f8eb1bd0c80ad60fab519586b

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43901.json"