SB2024082654 - NULL pointer dereference in Linux kernel powerplay hwmgr driver
Published: August 26, 2024 Updated: May 12, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-43907)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vega10_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c, within the smu8_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c, within the smu7_apply_state_adjust_rules() function in drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622
- https://git.kernel.org/stable/c/0c065e50445aea2e0a1815f12e97ee49e02cbaac
- https://git.kernel.org/stable/c/e04d18c29954441aa1054af649f957ffad90a201
- https://git.kernel.org/stable/c/3a01bf2ca9f860fdc88c358567b8fa3033efcf30
- https://git.kernel.org/stable/c/13937a40aae4efe64592ba48c057ac3c72f7fe82
- https://git.kernel.org/stable/c/d19fb10085a49b77578314f69fff21562f7cd054
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.224
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.165
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.105
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.46