CVE-2024-26649

drm/amdgpu: Fix the null pointer when load rlc firmware

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8b5bacce2d13dbe648f0bfd3f738ecce8db4978c patch
https://git.kernel.org/stable/c/d3887448486caeef9687fb5dfebd4ff91e0f25aa patch
https://git.kernel.org/stable/c/bc03c02cc1991a066b23e69bbcc0f66e8f1f7453 patch

Frequently Asked Questions

What is the severity of CVE-2024-26649?
CVE-2024-26649 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26649?
To fix CVE-2024-26649, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26649 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26649 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26649?
CVE-2024-26649 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.