CVE-2024-42308 Null pointer dereference

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check for NULL pointer

[why & how] Need to make sure plane_state is initialized before accessing its members.

(cherry picked from commit 295d91cbc700651782a60572f83c24861607b648)

CWE: CWE-476
CVSS v2: -
CVSS v3: 5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
https://git.kernel.org/stable/c/f068494430d15b5fc551ac928de9dac7e5e27602
https://git.kernel.org/stable/c/4ccd37085976ea5d3c499b1e6d0b3f4deaf2cd5a
https://git.kernel.org/stable/c/185616085b12e651cdfd11ef00d1449f54552d89
https://git.kernel.org/stable/c/4ab68e168ae1695f7c04fae98930740aaf7c50fa
https://git.kernel.org/stable/c/71dbf95359347c2ecc5a6dfc02783fcfccb2e9fb
https://git.kernel.org/stable/c/9ce89824ff04d261fc855e0ca6e6025251d9fa40
https://git.kernel.org/stable/c/6b5ed0648213e9355cc78f4a264d9afe8536d692
Affected Vendors

Linux - (1)

Basic Analysis

Common vulnerability metrics

Vulnerability type as detected by PRIOnengine

Null pointer dereference

CVSS Scores as calculated by PRIOnengine
CVSS v2: 5.6
AV:L/AC:L/AU:N/C:P/I:N/A:C
CVSS v3: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
MITRE CWE Top 25

Vulnerability weakness type is in the top 25 CWEs according to MITRE.

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submitted vulnerability affects compliance

PCI DSS v3.2.1: 6.5.2 - Buffer Overflows

Web Application Security Frameworks

Applicable if the issue likely affects a web application

-