CVE-2024-49913

drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream This commit addresses a null pointer dereference issue in the `commit_planes_for_stream` function at line 4140. The issue could occur when `top_pipe_to_program` is null. The fix adds a check to ensure `top_pipe_to_program` is not null before accessing its stream_res. This prevents a null pointer dereference. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc.c:4140 commit_planes_for_stream() error: we previously assumed 'top_pipe_to_program' could be null (see line 3906)

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/1ebfa6663807c144be8c8b6727375012409d2356 patch
https://git.kernel.org/stable/c/8ab59527852a6f7780aad6185729550ca0569122 patch
https://git.kernel.org/stable/c/40193ff73630adf76bc0d82398f7d90fb576dba4 patch
https://git.kernel.org/stable/c/e47e563c6f0db7d792a559301862c19ead0dfc2f patch
https://git.kernel.org/stable/c/3929e382e4758aff42da0102a60d13337c99d3b8 patch
https://git.kernel.org/stable/c/73efd2a611b62fee71a7b7f27d9d08bb60da8a72 patch
https://git.kernel.org/stable/c/66d71a72539e173a9b00ca0b1852cbaa5f5bf1ad patch

Frequently Asked Questions

What is the severity of CVE-2024-49913?
CVE-2024-49913 has been scored as a medium severity vulnerability.
How to fix CVE-2024-49913?
To fix CVE-2024-49913, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-49913 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-49913 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49913?
CVE-2024-49913 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.