CVE-2024-26874

drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip

Description

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip(). pending_needs_vblank value is set by mtk_crtc->event, but in mtk_drm_crtc_atomic_flush(), it's is not guarded by the same lock in mtk_drm_finish_page_flip(), thus a race condition happens. Consider the following case: CPU1 CPU2 step 1: mtk_drm_crtc_atomic_begin() mtk_crtc->event is not null, step 1: mtk_drm_crtc_atomic_flush: mtk_drm_crtc_update_config( !!mtk_crtc->event) step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip: lock mtk_crtc->event set to null, pending_needs_vblank set to false unlock pending_needs_vblank set to true, step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip called again, pending_needs_vblank is still true //null pointer Instead of guarding the entire mtk_drm_crtc_atomic_flush(), it's more efficient to just check if mtk_crtc->event is null before use.

Category

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e patch mailing list
https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731 patch mailing list
https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49 patch mailing list
https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340 patch mailing list
https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7 patch mailing list
https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a patch mailing list
https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710 patch mailing list
https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535 patch mailing list
https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b patch mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-26874?
CVE-2024-26874 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26874?
To fix CVE-2024-26874, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26874 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26874 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26874?
CVE-2024-26874 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.