CVE-2024-53201

drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in dcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ("drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe") partially fixed the null pointer dereference issue. However, in dcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, and plane_state is accessed again through pipe_ctx. Multiple if statements directly call attributes of plane_state, leading to potential null pointer dereference issues. This patch adds necessary null checks to ensure stability.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/6b4ee2560d4d8de2688da68cd9581177035e0876 patch
https://git.kernel.org/stable/c/3609259326171cd5b98462636580fb2ae5c87d40 patch
https://git.kernel.org/stable/c/6a057072ddd127255350357dd880903e8fa23f36 patch

Frequently Asked Questions

What is the severity of CVE-2024-53201?
CVE-2024-53201 has been scored as a medium severity vulnerability.
How to fix CVE-2024-53201?
To fix CVE-2024-53201, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53201 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-53201 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53201?
CVE-2024-53201 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.