cve-2024-50156
Vulnerability from cvelistv5
Published: 2024-11-07 09:31
Modified: 2024-12-19 09:34
Summary
In the Linux kernel, the following vulnerability has been resolved:

drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()

If the allocation in msm_disp_state_dump_regs() failed then
`block->state` can be NULL. The msm_disp_state_print_regs() function
_does_ have code to try to handle it with:

    if (*reg)
        dump_addr = *reg;

...but since "dump_addr" is initialized to NULL the above is actually
a noop. The code then goes on to dereference `dump_addr`.

Make the function print "Registers not stored" when it sees a NULL to
solve this. Since we're touching the code, fix
msm_disp_state_print_regs() not to pointlessly take a double-pointer
and properly mark the pointer as `const`.

Patchwork: https://patchwork.freedesktop.org/patch/619657/
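
The no-op guard and the NULL-handling fix described in the summary, modelled in userspace C as an added example; this is not the kernel's code. `guard_before`, `print_regs_fixed`, the output buffer and the sample register values are assumptions; only `reg`, `dump_addr` and the "Registers not stored" message come from the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model with hypothetical names; sample data is constructed. */
static char g_buf[256];
static uint32_t *missing_state = NULL;   /* stands in for a failed allocation */
static const uint32_t sample_regs[6] = { 0x1, 0x2, 0x3, 0x4, 0x5, 0x6 };

/* Old guard: dump_addr starts as NULL, so a NULL *reg leaves it NULL. */
const uint32_t *guard_before(uint32_t **reg)
{
    uint32_t *dump_addr = NULL;
    if (*reg)
        dump_addr = *reg;
    return dump_addr;   /* the original code went on to dereference this */
}

/* Fixed shape: one const pointer, explicit NULL branch. Returns rows, or -1. */
int print_regs_fixed(char *buf, size_t cap, const uint32_t *dump_addr, size_t len)
{
    size_t off = 0, words = len / sizeof(uint32_t);
    int rows = 0;
    if (!dump_addr) {
        snprintf(buf, cap, "Registers not stored\n");
        return -1;
    }
    for (size_t i = 0; i < words && off < cap; i++) {
        int last = (i % 4 == 3) || (i + 1 == words);   /* four words per row */
        off += snprintf(buf + off, cap - off, "%08x%c",
                        (unsigned)dump_addr[i], last ? '\n' : ' ');
        rows += last;
    }
    return rows;
}

int main(void)
{
    printf("old guard yields %s\n", guard_before(&missing_state) ? "set" : "NULL");
    print_regs_fixed(g_buf, sizeof(g_buf), missing_state, sizeof(sample_regs));
    fputs(g_buf, stdout);
    print_regs_fixed(g_buf, sizeof(g_buf), sample_regs, sizeof(sample_regs));
    fputs(g_buf, stdout);
    return 0;
}
```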
Impacted products
Vendor | Product | Version
---|---|---
Linux | Linux | 98659487b845c05b6bed85d881713545db674c7c