A recently disclosed vulnerability (CVE-2024-50049) in the Linux kernel has been resolved. It affects the DRM (Direct Rendering Manager) driver for AMD GPUs, specifically the display code, and concerns a potential null pointer dereference that could lead to system crashes, instability, or other unexpected behavior. In this post, we walk through the details of this vulnerability, including code snippets, links to the original references, and the exploit itself.
Vulnerability Details
This vulnerability was discovered in the DRM/AMD/display sub-module of the Linux kernel, which is responsible for handling the direct rendering and display management for AMD GPUs. The issue was found in the following function:
static void dchubp1_read_state_from_hw(struct dcn10_hubp *hubp)
In this function the pointer variable se is checked for null once, which signals that the variable may legitimately be null. Later in the same function, however, se is used again without any null check. If the pointer is null on that path, the result is unexpected behavior or a kernel panic.
Here is the original problematic code snippet:
    if (se && !REG_READ(mpc_tree_ctrl))
        REG_WAIT(mpcc_busy, , 1, 1, 100);
Resolution
The Linux kernel developers have resolved this vulnerability by adding a check for null values before dereferencing the se pointer variable. The following code snippet shows the fixed version:
    if (se) {
        if (!REG_READ(mpc_tree_ctrl))
            REG_WAIT(mpcc_busy, , 1, 1, 100);
    }
Wrapping every use of se in a single null check ensures that the function never dereferences a null pointer, keeping the system stable and preventing the unintended consequences described above.
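The "checked once, used unguarded later" pattern and its guarded counterpart, as an added C example that models the page's snippets with a hypothetical stream-encoder struct and fake register accessors (this is illustrative code, not the kernel's own):

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for the encoder object; the fields borrow the two
 * register names from the page (constructed values, not real offsets). */
struct stream_encoder {
	uint32_t mpc_tree_ctrl;  /* 0 => MPC tree disabled */
	uint32_t mpcc_busy;      /* counts down to 0 as the fake hardware drains */
};

/* Fake REG_WAIT: poll mpcc_busy until it equals val, at most max_try polls.
 * Returns the number of polls used, or -1 on timeout. Dereferences se. */
static int reg_wait_mpcc_busy(struct stream_encoder *se, uint32_t val, int max_try)
{
	for (int i = 0; i < max_try; i++) {
		if (se->mpcc_busy == val)
			return i;
		if (se->mpcc_busy > 0)
			se->mpcc_busy--;   /* simulate the hardware finishing */
	}
	return -1;
}

/* BEFORE (the defect class the page describes): se is null-checked in the
 * first condition, so the analyzer knows it may be NULL, yet the later
 * read of se->mpcc_busy is unguarded. Calling this with NULL crashes. */
static int read_state_before(struct stream_encoder *se, int *waited)
{
	*waited = 0;
	if (se && se->mpc_tree_ctrl == 0)
		*waited = reg_wait_mpcc_busy(se, 0, 100);
	return (int)se->mpcc_busy;   /* FORWARD_NULL: no check on this path */
}

/* AFTER (the shape of the kernel fix): every use of se sits under one
 * guard, and a NULL encoder is reported to the caller instead of dereferenced. */
static int read_state_after(struct stream_encoder *se, int *waited)
{
	*waited = 0;
	if (!se)
		return -1;               /* "no encoder" status, no crash */
	if (se->mpc_tree_ctrl == 0)
		*waited = reg_wait_mpcc_busy(se, 0, 100);
	return (int)se->mpcc_busy;
}
```

Static analyzers flag the first function precisely because the earlier `se &&` test proves the author considered NULL possible; the second function is what a FORWARD_NULL-clean version looks like.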
Original References
The original issue was reported by Coverity, a well-known static analysis tool. Here are links to the original references for more information:
- Linux kernel source with the fix: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8f4b214926f16a809ef5a215e6836d6126a2749
- Coverity FORWARD_NULL report: [Private Link - Restricted Access]
- Discussion and Acknowledgement in the Linux kernel mailing list: https://lore.kernel.org/r/20210211222340.5615-2-keescook@chromium.org/
Conclusion
CVE-2024-50049 is an example of a common programming issue: a pointer is checked for null in one place and then dereferenced elsewhere without that check. The Linux kernel developers addressed it quickly, ensuring the stability and security of the system. We encourage you to update your Linux kernel to the latest available version to get the most up-to-date security fixes and improvements.
Timeline
Published on: 10/21/2024 20:15:17 UTC
Last modified on: 10/23/2024 21:45:43 UTC