Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2024-27040

MEDIUM

Published 2024-05-01T12:54:00.645Z

Actions:

CVSS Score

V3.1

4.7

/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.000

probability

of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.178

Higher than 17.8% of all CVEs

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'

In the first if statement, we're checking if 'replay' is NULL. But in
the second if statement, we're not checking if 'replay' is NULL again
before calling replay->funcs->replay_set_power_opt().

if (replay == NULL && force_static)
return false;

...

if (link->replay_settings.replay_feature_enabled &&
replay->funcs->replay_set_power_opt) {
replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst);
link->replay_settings.replay_power_opt_active = *power_opts;
}

If 'replay' is NULL, this will cause a null pointer dereference.

Fixes the below found by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed 'replay' could be null (see line 887)

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11 c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11 c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11 c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11

Linux

Affected Versions:

6.6 0 6.6.23 6.7.11 6.8.2 6.9

References

https://git.kernel.org/stable/c/f610c46771ef1047e46d61807aa7c69cd29e63d8

https://git.kernel.org/stable/c/e7cadd5d3a8ffe334d0229ba9eda4290138d56e7

https://git.kernel.org/stable/c/d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3

https://git.kernel.org/stable/c/f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b

Published: 2024-05-01T12:54:00.645Z

Last Modified: 2025-05-04T09:02:53.763Z

Copied to clipboard!