PT-2024-33747 · Linux+7 · Linux Kernel+7
Published: 2024-07-29 · Updated: 2025-09-29
CVE-2024-49907
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A vulnerability in the Linux kernel has been resolved, specifically in the drm/amd/display component. The issue is a null pointer dereference when using dc->clk_mgr. The function dc->hwss.apply_idle_power_optimizations is called with dc as an argument and dereferences the null dc->clk_mgr pointer. This call resolves to the dcn35_apply_idle_power_optimizations function. The fix addresses a FORWARD_NULL issue reported by Coverity.
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the dcn35_apply_idle_power_optimizations function until a patch is available. Restrict access to the vulnerable drm/amd/display component to minimize the risk of exploitation. Avoid using the dc->clk_mgr pointer in the affected function until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
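The pattern from the description, as an added example that is not the kernel's code or the upstream patch: a simplified user-space model in which a caller guards the indirect call through dc->hwss.apply_idle_power_optimizations. The struct layouts, the idle_allowed field, and the names allow_idle_optimizations_checked and demo are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the driver types; layouts are assumed. */
struct clk_mgr { int idle_allowed; };          /* hypothetical field */
struct dc;
struct hw_sequencer {
    bool (*apply_idle_power_optimizations)(struct dc *dc, bool enable);
};
struct dc {
    struct clk_mgr *clk_mgr;                   /* may be NULL */
    struct hw_sequencer hwss;
};

/* Callee model: dereferences dc->clk_mgr without a check of its own. */
static bool dcn35_apply_idle_power_optimizations(struct dc *dc, bool enable)
{
    dc->clk_mgr->idle_allowed = enable;
    return true;
}

/* Guarded caller (hypothetical name): validate before the indirect call. */
bool allow_idle_optimizations_checked(struct dc *dc, bool enable)
{
    if (!dc || !dc->hwss.apply_idle_power_optimizations)
        return false;
    if (!dc->clk_mgr)   /* the path a FORWARD_NULL finding points at */
        return false;
    return dc->hwss.apply_idle_power_optimizations(dc, enable);
}

/* Constructed scenario: returns the resulting flag, or -1 if refused. */
int demo(bool with_clk_mgr)
{
    struct clk_mgr mgr = { 0 };
    struct dc dc = { with_clk_mgr ? &mgr : NULL,
                     { dcn35_apply_idle_power_optimizations } };

    if (!allow_idle_optimizations_checked(&dc, true))
        return -1;
    return mgr.idle_allowed;
}

int main(void)
{
    printf("with clk_mgr: %d, without: %d\n", demo(true), demo(false));
    return 0;
}
```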
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu