CVE-2024-42309

drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes

Description

In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.07%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/13b5f3ee94bdbdc4b5f40582aab62977905aedee patch
https://git.kernel.org/stable/c/d6ad202f73f8edba0cbc0065aa57a79ffe8fdcdc patch
https://git.kernel.org/stable/c/6735d02ead7dd3adf74eb8b70aebd09e0ce78ec9 patch
https://git.kernel.org/stable/c/7e52c62ff029f95005915c0a11863b5fb5185c8c patch
https://git.kernel.org/stable/c/f70ffeca546452d1acd3a70ada56ecb2f3e7f811 patch
https://git.kernel.org/stable/c/46d2ef272957879cbe30a884574320e7f7d78692 patch
https://git.kernel.org/stable/c/475a5b3b7c8edf6e583a9eb59cf28ea770602e14 patch
https://git.kernel.org/stable/c/2df7aac81070987b0f052985856aa325a38debf6 patch

Frequently Asked Questions

What is the severity of CVE-2024-42309?
CVE-2024-42309 has been scored as a medium severity vulnerability.
How to fix CVE-2024-42309?
To fix CVE-2024-42309, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42309 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42309 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42309?
CVE-2024-42309 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.