CVE-2024-46698
Severity: MEDIUM
Type: CWE-476 NULL Pointer Dereference
Publication date: 13/09/2024
Last modified: 13/09/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

video/aperture: optionally match the device in sysfb_disable()

In aperture_remove_conflicting_pci_devices(), we currently only
call sysfb_disable() on vga class devices. This leads to the
following problem when the primary device is not VGA compatible:

1. A PCI device with a non-VGA class is the boot display
2. That device is probed first and it is not a VGA device so
   sysfb_disable() is not called, but the device resources
   are freed by aperture_detach_platform_device()
3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable()
4. NULL pointer dereference via sysfb_disable() since the resources
   have already been freed by aperture_detach_platform_device() when
   it was called by the other device.

Fix this by passing a device pointer to sysfb_disable() and checking
the device to determine if we should execute it or not.

v2: Fix build when CONFIG_SCREEN_INFO is not set
v3: Move device check into the mutex
    Drop primary variable in aperture_remove_conflicting_pci_devices()
    Drop __init on pci sysfb_pci_dev_is_enabled()
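
The probe order in steps 1-4 and the device check described in the fix, replayed as an added userspace model in C. This is not kernel code and not taken from the patch: the struct layouts and every model_* name are assumptions, and the mutex mentioned in v3 is left out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: types and model_* names are assumptions, not kernel code. */
struct device { bool is_vga; };
struct sysfb {
    const struct device *parent; /* device backing the boot framebuffer */
    bool registered;             /* sysfb still believes its platform device exists */
    bool resources_live;         /* platform device resources not yet freed */
    int faults;                  /* times the model would have touched freed resources */
};

/* Models sysfb_disable(). In this model dev == NULL stands for the pre-fix call. */
static void model_sysfb_disable(struct sysfb *s, const struct device *dev)
{
    if (dev && dev != s->parent)
        return;                  /* fixed path: not the boot display, skip */
    if (s->registered && !s->resources_live)
        s->faults++;             /* stands in for the NULL pointer dereference */
    s->registered = false;
    s->resources_live = false;
}

/* Models aperture_remove_conflicting_pci_devices() before and after the fix. */
static void model_remove_conflicting(struct sysfb *s, const struct device *dev, bool fixed)
{
    if (fixed)
        model_sysfb_disable(s, dev);   /* always called, device checked inside */
    else if (dev->is_vga)
        model_sysfb_disable(s, NULL);  /* VGA class only, no device check */
    if (dev == s->parent)              /* models aperture_detach_platform_device() */
        s->resources_live = false;
}

/* Replays steps 1-4: non-VGA boot display probed first, then a VGA secondary GPU. */
static int model_probe_sequence(bool fixed)
{
    struct device boot = { .is_vga = false }, secondary = { .is_vga = true };
    struct sysfb s = { .parent = &boot, .registered = true, .resources_live = true };
    model_remove_conflicting(&s, &boot, fixed);
    model_remove_conflicting(&s, &secondary, fixed);
    return s.faults;
}

int main(void)
{
    printf("pre-fix: %d, fixed: %d\n", model_probe_sequence(false), model_probe_sequence(true));
    return 0;
}
```
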
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.5 (including) | 6.10.8 (excluding) |
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:* | | |
cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:* | | |