Linux · Linux Kernel · CVE-2024-38548
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to a possible null pointer dereference in the `cdns mhdp atomic enable()` function. The return value of `drm mode duplicate()` is assigned to `mhdp state->current mode`, and there is a dereference of it in `drm mode set name()`, which will lead to a NULL pointer dereference on failure of `drm mode duplicate()`. This can cause a denial of service.
Recommendations:
To resolve the issue, add a check of `mhdp state->current mode` in the `cdns mhdp atomic enable()` function to prevent the null pointer dereference.
As a temporary workaround, consider disabling the `cdns mhdp atomic enable()` function until a patch is available.
Update to a kernel version that includes the fix, such as version 6.6.37 or later.