CVE-2024-27041

drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there. Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in 'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy(). Clean up by combining them all under one 'if'. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e040f1fbe9abae91b12b074cfc3bbb5367b79811 patch
https://git.kernel.org/stable/c/ca2eb375db76fd50f31afdd67d6ca4f833254957 patch
https://git.kernel.org/stable/c/1c62697e4086de988b31124fb8c79c244ea05f2b patch
https://git.kernel.org/stable/c/2a3cfb9a24a28da9cc13d2c525a76548865e182c patch

Frequently Asked Questions

What is the severity of CVE-2024-27041?
CVE-2024-27041 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27041?
To fix CVE-2024-27041, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27041 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27041 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27041?
CVE-2024-27041 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.