PT-2024-21550 · Linux+5 · Linux Kernel+5

Hsin-Yi Wang

·

Published

2024-02-23

·

Updated

2024-11-05

·

CVE-2024-26874

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A null pointer crash has been fixed in the Linux kernel, specifically in the drm/mediatek module, related to the mtk drm crtc finish page flip function. The issue occurs when mtk crtc->event is NULL, causing a race condition between mtk drm crtc atomic flush and mtk drm finish page flip. This happens because pending needs vblank value is set by mtk crtc->event, but in mtk drm crtc atomic flush, it's not guarded by the same lock as in mtk drm finish page flip. The problem can be efficiently resolved by checking if mtk crtc->event is null before use.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-03928
CVE-2024-26874
DLA-3840-1
DLA-3842-1
DSA-5681-1
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2190-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6871-1
USN-6878-1
USN-6892-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6919-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu