CVE-2024-26728 (GCVE-0-2024-26728)
Vulnerability from cvelistv5 – Published: 2024-04-03 17:00 – Updated: 2025-05-04 08:55
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix null-pointer dereference on edid reading
Use i2c adapter when there isn't aux_mode in dc_link to fix a
null-pointer derefence that happens when running
igt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector
detected as below:
[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0
[ +0.000010] #PF: supervisor read access in kernel mode
[ +0.000005] #PF: error_code(0x0000) - not-present page
[ +0.000004] PGD 0 P4D 0
[ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152
[ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021
[ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100
[ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 <48> 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16
[ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246
[ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080
[ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0
[ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980
[ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080
[ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f
[ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000
[ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0
[ +0.000003] PKRU: 55555554
[ +0.000003] Call Trace:
[ +0.000006] <TASK>
[ +0.000006] ? __die+0x23/0x70
[ +0.000011] ? page_fault_oops+0x17d/0x4c0
[ +0.000008] ? preempt_count_add+0x6e/0xa0
[ +0.000008] ? srso_alias_return_thunk+0x5/0x7f
[ +0.000011] ? exc_page_fault+0x7f/0x180
[ +0.000009] ? asm_exc_page_fault+0x26/0x30
[ +0.000013] ? i2c_transfer+0xd/0x100
[ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm]
[ +0.000067] ? srso_alias_return_thunk+0x5/0x7f
[ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm]
[ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]
[ +0.000042] edid_block_read+0x3b/0xd0 [drm]
[ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm]
[ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]
[ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm]
[ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]
[ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]
[ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]
[ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]
[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f
[ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]
[ +0.000000] status_store+0xb2/0x1f0 [drm]
[ +0.000000] kernfs_fop_write_iter+0x136/0x1d0
[ +0.000000] vfs_write+0x24d/0x440
[ +0.000000] ksys_write+0x6f/0xf0
[ +0.000000] do_syscall_64+0x60/0xc0
[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f
[ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40
[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f
[ +0.000000] ? do_syscall_64+0x6c/0xc0
[ +0.000000] ? do_syscall_64+0x6c/0xc0
[ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ +0.000000] RIP: 0033:0x7f9ad46b4b00
[ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
[ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00
[ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009
[ +0.000000] RBP: 0000000000000002 R08
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:07.138513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:21.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2d392f7268a1a9bfbd98c831f0f4c964e59aa145",
"status": "affected",
"version": "0e859faf8670a78ce206977dcf1a31a0231e9ca5",
"versionType": "git"
},
{
"lessThan": "9671761792156f2339627918bafcd713a8a6f777",
"status": "affected",
"version": "0e859faf8670a78ce206977dcf1a31a0231e9ca5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix null-pointer dereference on edid reading\n\nUse i2c adapter when there isn\u0027t aux_mode in dc_link to fix a\nnull-pointer derefence that happens when running\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\ndetected as below:\n\n[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\n[ +0.000010] #PF: supervisor read access in kernel mode\n[ +0.000005] #PF: error_code(0x0000) - not-present page\n[ +0.000004] PGD 0 P4D 0\n[ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\n[ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\n[ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\n[ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 \u003c48\u003e 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\n[ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\n[ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\n[ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\n[ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\n[ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\n[ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\n[ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\n[ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\n[ +0.000003] PKRU: 55555554\n[ +0.000003] Call Trace:\n[ +0.000006] \u003cTASK\u003e\n[ +0.000006] ? __die+0x23/0x70\n[ +0.000011] ? page_fault_oops+0x17d/0x4c0\n[ +0.000008] ? preempt_count_add+0x6e/0xa0\n[ +0.000008] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000011] ? exc_page_fault+0x7f/0x180\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\n[ +0.000013] ? i2c_transfer+0xd/0x100\n[ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm]\n[ +0.000067] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm]\n[ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[ +0.000042] edid_block_read+0x3b/0xd0 [drm]\n[ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm]\n[ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm]\n[ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\n[ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\n[ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\n[ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\n[ +0.000000] status_store+0xb2/0x1f0 [drm]\n[ +0.000000] kernfs_fop_write_iter+0x136/0x1d0\n[ +0.000000] vfs_write+0x24d/0x440\n[ +0.000000] ksys_write+0x6f/0xf0\n[ +0.000000] do_syscall_64+0x60/0xc0\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\n[ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ +0.000000] RIP: 0033:0x7f9ad46b4b00\n[ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\n[ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n[ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\n[ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\n[ +0.000000] RBP: 0000000000000002 R08\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:03.621Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145"
},
{
"url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777"
}
],
"title": "drm/amd/display: fix null-pointer dereference on edid reading",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26728",
"datePublished": "2024-04-03T17:00:16.776Z",
"dateReserved": "2024-02-19T14:20:24.164Z",
"dateUpdated": "2025-05-04T08:55:03.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.7.7\", \"matchCriteriaId\": \"575EE16B-67F2-4B5B-B5F8-1877715C898B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9F4EA73-0894-400F-A490-3A397AB7A517\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"056BD938-0A27-4569-B391-30578B309EE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F02056A5-B362-4370-9FF8-6F0BD384D520\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"62075ACE-B2A0-4B16-829D-B3DA5AE5CC41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A780F817-2A77-4130-A9B7-5C25606314E3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/amd/display: fix null-pointer dereference on edid reading\\n\\nUse i2c adapter when there isn\u0027t aux_mode in dc_link to fix a\\nnull-pointer derefence that happens when running\\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\\ndetected as below:\\n\\n[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\\n[ +0.000010] #PF: supervisor read access in kernel mode\\n[ +0.000005] #PF: error_code(0x0000) - not-present page\\n[ +0.000004] PGD 0 P4D 0\\n[ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\\n[ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\\n[ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\\n[ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\\n[ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 \u003c48\u003e 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\\n[ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\\n[ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\\n[ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\\n[ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\\n[ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\\n[ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\\n[ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\\n[ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\\n[ +0.000003] PKRU: 55555554\\n[ +0.000003] Call Trace:\\n[ +0.000006] \u003cTASK\u003e\\n[ +0.000006] ? __die+0x23/0x70\\n[ +0.000011] ? page_fault_oops+0x17d/0x4c0\\n[ +0.000008] ? preempt_count_add+0x6e/0xa0\\n[ +0.000008] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000011] ? exc_page_fault+0x7f/0x180\\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\\n[ +0.000013] ? i2c_transfer+0xd/0x100\\n[ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm]\\n[ +0.000067] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm]\\n[ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\\n[ +0.000042] edid_block_read+0x3b/0xd0 [drm]\\n[ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm]\\n[ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\\n[ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm]\\n[ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\\n[ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\\n[ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\\n[ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\\n[ +0.000000] status_store+0xb2/0x1f0 [drm]\\n[ +0.000000] kernfs_fop_write_iter+0x136/0x1d0\\n[ +0.000000] vfs_write+0x24d/0x440\\n[ +0.000000] ksys_write+0x6f/0xf0\\n[ +0.000000] do_syscall_64+0x60/0xc0\\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40\\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\\n[ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\\n[ +0.000000] RIP: 0033:0x7f9ad46b4b00\\n[ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\\n[ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\\n[ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\\n[ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\\n[ +0.000000] RBP: 0000000000000002 R08\\n---truncated---\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se resolvi\\u00f3 la siguiente vulnerabilidad: drm/amd/display: corrige la desreferencia del puntero nulo en la lectura de edid Utilice el adaptador i2c cuando no haya aux_mode en dc_link para corregir una desreferencia del puntero nulo que ocurre al ejecutar igt@ kms_force_connector_basic en un SYSTEM con DCN2.1 y conector HDMI se detect\\u00f3 como se muestra a continuaci\\u00f3n: [+0.178146] ERROR: desreferencia del puntero NULL del kernel, direcci\\u00f3n: 00000000000004c0 [+0.000010] #PF: acceso de lectura del supervisor en modo kernel [+0.000005] #PF: c\\u00f3digo_error (0x0000) - p\\u00e1gina no presente [+0.000004] PGD 0 P4D 0 [+0.000006] Ups: 0000 [#1] PREEMPT SMP NOPTI [+0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne No contaminado 6.5.0-asdn+ #152 [+0.000005] Nombre de hardware: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 14/07/2021 [+0.000004] RIP: 0010:i2c_transfer+0xd/0x100 [+0.000011] C\\u00f3digo: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 \u0026lt;48\u0026gt; 8b 4 7 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16 [ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246 [ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080 [+0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI : 00000000000004b0 [ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980 [ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080 [ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f [ +0.000004] FS: 000 07f9ad2176c40(0000 ) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000 [ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000004] CR2: 0000000000000 4c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0 [ +0.000003] PKRU: 55555554 [ +0.000003] Seguimiento de llamadas: [ +0.000006] [ +0.000006] ? __die+0x23/0x70 [ +0.000011] ? page_fault_oops+0x17d/0x4c0 [+0.000008]? preempt_count_add+0x6e/0xa0 [+0.000008]? srso_alias_return_thunk+0x5/0x7f [+0.000011]? exc_page_fault+0x7f/0x180 [+0.000009]? asm_exc_page_fault+0x26/0x30 [+0.000013]? i2c_transfer+0xd/0x100 [ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm] [ +0.000067] ? srso_alias_return_thunk+0x5/0x7f [+0.000006]? _drm_do_get_edid+0x97/0x3c0 [drm] [ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm] [ +0.000042] edid_block_read+0x3b/0xd0 [drm] [ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm] [ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm] [ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm] [ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu] [ +0.000153] dr m_connector_mode_valid+0x3b/0x60 [drm_kms_helper] [ +0.000000] __drm_helper_update_and_validate+ 0xfe/0x3c0 [drm_kms_helper] [+0.000000]? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu] [+0.000000]? srso_alias_return_thunk+0x5/0x7f [ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper] [ +0.000000] status_store+0xb2/0x1f0 [drm] [ +0.000000] kernfs_fop_write_iter +0x136/0x1d0 [ +0,000000] vfs_write+0x24d/0x440 [ +0,000000 ] ksys_write+0x6f/0xf0 [ +0.000000] do_syscall_64+0x60/0xc0 [ +0.000000] ? srso_alias_return_thunk+0x5/0x7f [+0.000000]? syscall_exit_to_user_mode+0x2b/0x40 [+0.000000]? srso_alias_return_thunk+0x5/0x7f [+0.000000]? do_syscall_64+0x6c/0xc0 [+0.000000]? do_syscall_64+0x6c/0xc0 [ +0.000000] Entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ +0.000000] RIP: 0033:0x7f9ad46b4b00 [ +0.000000] C\\u00f3digo: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ +0 .000000] RSP : 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ +0.000000] RAX: ffffffffffffffffda RBX: 00000000000000000 RCX: 00007f9ad46b4b00 [ +0 .000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009 [+0.000000] RBP: 0000000000000002 R08 ---truncado-- -\"}]",
"id": "CVE-2024-26728",
"lastModified": "2025-01-07T21:15:57.473",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2024-04-03T17:15:50.763",
"references": "[{\"url\": \"https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-26728\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-03T17:15:50.763\",\"lastModified\":\"2025-01-07T21:15:57.473\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/amd/display: fix null-pointer dereference on edid reading\\n\\nUse i2c adapter when there isn\u0027t aux_mode in dc_link to fix a\\nnull-pointer derefence that happens when running\\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\\ndetected as below:\\n\\n[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\\n[ +0.000010] #PF: supervisor read access in kernel mode\\n[ +0.000005] #PF: error_code(0x0000) - not-present page\\n[ +0.000004] PGD 0 P4D 0\\n[ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\\n[ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\\n[ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\\n[ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\\n[ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 \u003c48\u003e 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\\n[ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\\n[ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\\n[ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\\n[ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\\n[ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\\n[ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\\n[ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\\n[ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\\n[ +0.000003] PKRU: 55555554\\n[ +0.000003] Call Trace:\\n[ +0.000006] \u003cTASK\u003e\\n[ +0.000006] ? __die+0x23/0x70\\n[ +0.000011] ? page_fault_oops+0x17d/0x4c0\\n[ +0.000008] ? preempt_count_add+0x6e/0xa0\\n[ +0.000008] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000011] ? exc_page_fault+0x7f/0x180\\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\\n[ +0.000013] ? i2c_transfer+0xd/0x100\\n[ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm]\\n[ +0.000067] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm]\\n[ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\\n[ +0.000042] edid_block_read+0x3b/0xd0 [drm]\\n[ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm]\\n[ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\\n[ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm]\\n[ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\\n[ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\\n[ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\\n[ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\\n[ +0.000000] status_store+0xb2/0x1f0 [drm]\\n[ +0.000000] kernfs_fop_write_iter+0x136/0x1d0\\n[ +0.000000] vfs_write+0x24d/0x440\\n[ +0.000000] ksys_write+0x6f/0xf0\\n[ +0.000000] do_syscall_64+0x60/0xc0\\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40\\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\\n[ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\\n[ +0.000000] RIP: 0033:0x7f9ad46b4b00\\n[ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\\n[ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\\n[ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\\n[ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\\n[ +0.000000] RBP: 0000000000000002 R08\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: corrige la desreferencia del puntero nulo en la lectura de edid Utilice el adaptador i2c cuando no haya aux_mode en dc_link para corregir una desreferencia del puntero nulo que ocurre al ejecutar igt@ kms_force_connector_basic en un SYSTEM con DCN2.1 y conector HDMI se detect\u00f3 como se muestra a continuaci\u00f3n: [+0.178146] ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 00000000000004c0 [+0.000010] #PF: acceso de lectura del supervisor en modo kernel [+0.000005] #PF: c\u00f3digo_error (0x0000) - p\u00e1gina no presente [+0.000004] PGD 0 P4D 0 [+0.000006] Ups: 0000 [#1] PREEMPT SMP NOPTI [+0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne No contaminado 6.5.0-asdn+ #152 [+0.000005] Nombre de hardware: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 14/07/2021 [+0.000004] RIP: 0010:i2c_transfer+0xd/0x100 [+0.000011] C\u00f3digo: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 \u0026lt;48\u0026gt; 8b 4 7 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16 [ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246 [ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080 [+0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI : 00000000000004b0 [ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980 [ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080 [ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f [ +0.000004] FS: 000 07f9ad2176c40(0000 ) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000 [ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000004] CR2: 0000000000000 4c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0 [ +0.000003] PKRU: 55555554 [ +0.000003] Seguimiento de llamadas: [ +0.000006] [ +0.000006] ? __die+0x23/0x70 [ +0.000011] ? page_fault_oops+0x17d/0x4c0 [+0.000008]? preempt_count_add+0x6e/0xa0 [+0.000008]? srso_alias_return_thunk+0x5/0x7f [+0.000011]? exc_page_fault+0x7f/0x180 [+0.000009]? asm_exc_page_fault+0x26/0x30 [+0.000013]? i2c_transfer+0xd/0x100 [ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm] [ +0.000067] ? srso_alias_return_thunk+0x5/0x7f [+0.000006]? _drm_do_get_edid+0x97/0x3c0 [drm] [ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm] [ +0.000042] edid_block_read+0x3b/0xd0 [drm] [ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm] [ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm] [ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm] [ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu] [ +0.000153] dr m_connector_mode_valid+0x3b/0x60 [drm_kms_helper] [ +0.000000] __drm_helper_update_and_validate+ 0xfe/0x3c0 [drm_kms_helper] [+0.000000]? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu] [+0.000000]? srso_alias_return_thunk+0x5/0x7f [ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper] [ +0.000000] status_store+0xb2/0x1f0 [drm] [ +0.000000] kernfs_fop_write_iter +0x136/0x1d0 [ +0,000000] vfs_write+0x24d/0x440 [ +0,000000 ] ksys_write+0x6f/0xf0 [ +0.000000] do_syscall_64+0x60/0xc0 [ +0.000000] ? srso_alias_return_thunk+0x5/0x7f [+0.000000]? syscall_exit_to_user_mode+0x2b/0x40 [+0.000000]? srso_alias_return_thunk+0x5/0x7f [+0.000000]? do_syscall_64+0x6c/0xc0 [+0.000000]? do_syscall_64+0x6c/0xc0 [ +0.000000] Entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ +0.000000] RIP: 0033:0x7f9ad46b4b00 [ +0.000000] C\u00f3digo: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 [ +0 .000000] RSP : 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ +0.000000] RAX: ffffffffffffffffda RBX: 00000000000000000 RCX: 00007f9ad46b4b00 [ +0 .000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009 [+0.000000] RBP: 0000000000000002 R08 ---truncado-- -\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.7.7\",\"matchCriteriaId\":\"575EE16B-67F2-4B5B-B5F8-1877715C898B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9F4EA73-0894-400F-A490-3A397AB7A517\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"056BD938-0A27-4569-B391-30578B309EE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F02056A5-B362-4370-9FF8-6F0BD384D520\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"62075ACE-B2A0-4B16-829D-B3DA5AE5CC41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A780F817-2A77-4130-A9B7-5C25606314E3\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:14:12.935Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-26728\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T15:52:07.138513Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:16.332Z\"}}], \"cna\": {\"title\": \"drm/amd/display: fix null-pointer dereference on edid reading\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"0e859faf8670a78ce206977dcf1a31a0231e9ca5\", \"lessThan\": \"2d392f7268a1a9bfbd98c831f0f4c964e59aa145\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"0e859faf8670a78ce206977dcf1a31a0231e9ca5\", \"lessThan\": \"9671761792156f2339627918bafcd713a8a6f777\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.7\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.7\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.7.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.7.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145\"}, {\"url\": \"https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/amd/display: fix null-pointer dereference on edid reading\\n\\nUse i2c adapter when there isn\u0027t aux_mode in dc_link to fix a\\nnull-pointer derefence that happens when running\\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\\ndetected as below:\\n\\n[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\\n[ +0.000010] #PF: supervisor read access in kernel mode\\n[ +0.000005] #PF: error_code(0x0000) - not-present page\\n[ +0.000004] PGD 0 P4D 0\\n[ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\\n[ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\\n[ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\\n[ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\\n[ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 \u003c48\u003e 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\\n[ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\\n[ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\\n[ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\\n[ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\\n[ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\\n[ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\\n[ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\\n[ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n[ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\\n[ +0.000003] PKRU: 55555554\\n[ +0.000003] Call Trace:\\n[ +0.000006] \u003cTASK\u003e\\n[ +0.000006] ? __die+0x23/0x70\\n[ +0.000011] ? page_fault_oops+0x17d/0x4c0\\n[ +0.000008] ? preempt_count_add+0x6e/0xa0\\n[ +0.000008] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000011] ? exc_page_fault+0x7f/0x180\\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\\n[ +0.000013] ? i2c_transfer+0xd/0x100\\n[ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm]\\n[ +0.000067] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm]\\n[ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\\n[ +0.000042] edid_block_read+0x3b/0xd0 [drm]\\n[ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm]\\n[ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\\n[ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm]\\n[ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\\n[ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\\n[ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\\n[ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\\n[ +0.000000] status_store+0xb2/0x1f0 [drm]\\n[ +0.000000] kernfs_fop_write_iter+0x136/0x1d0\\n[ +0.000000] vfs_write+0x24d/0x440\\n[ +0.000000] ksys_write+0x6f/0xf0\\n[ +0.000000] do_syscall_64+0x60/0xc0\\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40\\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\\n[ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\\n[ +0.000000] RIP: 0033:0x7f9ad46b4b00\\n[ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\\n[ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\\n[ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\\n[ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\\n[ +0.000000] RBP: 0000000000000002 R08\\n---truncated---\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.7.7\", \"versionStartIncluding\": \"6.7\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8\", \"versionStartIncluding\": \"6.7\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T08:55:03.621Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-26728\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T08:55:03.621Z\", \"dateReserved\": \"2024-02-19T14:20:24.164Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-04-03T17:00:16.776Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…