CVE-2024-47720
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-47720
CVE Details
| Release Date: | 2024-10-21 |
Description
In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func\nThis commit adds a null check for the set_output_gamma function pointer\nin the dcn30_set_output_transfer_func function. Previously,\nset_output_gamma was being checked for nullity at line 386, but then it\nwas being dereferenced without any nullity check at line 401. This\ncould potentially lead to a null pointer dereference error if\nset_output_gamma is indeed null.\nTo fix this, we now ensure that set_output_gamma is not null before\ndereferencing it. We do this by adding a nullity check for\nset_output_gamma before the call to set_output_gamma at line 401. If\nset_output_gamma is null, we log an error message and do not call the\nfunction.\nThis fix prevents a potential null pointer dereference error.\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 dcn30_set_output_transfer_func()\nerror: we previously assumed 'mpc->funcs->set_output_gamma' could be null (see line 386)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c\n373 bool dcn30_set_output_transfer_func(struct dc *dc,\n374 struct pipe_ctx *pipe_ctx,\n375 const struct dc_stream_state *stream)\n376 {\n377 int mpcc_id = pipe_ctx->plane_res.hubp->inst;\n378 struct mpc *mpc = pipe_ctx->stream_res.opp->ctx->dc->res_pool->mpc;\n379 const struct pwl_params *params = NULL;\n380 bool ret = false;\n381\n382 /* program OGAM or 3DLUT only for the top pipe*/\n383 if (pipe_ctx->top_pipe == NULL) {\n384 /*program rmu shaper and 3dlut in MPC*/\n385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream);\n386 if (ret == false && mpc->funcs->set_output_gamma) {\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this is NULL\n387 if (stream->out_transfer_func.type == TF_TYPE_HWPWL)\n388 params = &stream->out_transfer_func.pwl;\n389 else if (pipe_ctx->stream->out_transfer_func.type ==\n390 TF_TYPE_DISTRIBUTED_POINTS &&\n391 cm3_helper_translate_curve_to_hw_format(\n392 &stream->out_transfer_func,\n393 &mpc->blender_params, false))\n394 params = &mpc->blender_params;\n395 /* there are no ROM LUTs in OUTGAM */\n396 if (stream->out_transfer_func.type == TF_TYPE_PREDEFINED)\n397 BREAK_TO_DEBUGGER();\n398 }\n399 }\n400\n--> 401 mpc->funcs->set_output_gamma(mpc, mpcc_id, params);\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Then it will crash\n402 return ret;\n403 }
See more information about CVE-2024-47720 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 5.5 |
| Vector String: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Version: | 3.1 |
| Attack Vector: | Local |
| Attack Complexity: | Low |
| Privileges Required: | Low |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality: | None |
| Integrity: | None |
| Availability: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
| Oracle Linux version 9 (kernel-uek) | ELSA-2024-12887 | 2024-12-18 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
