CVE-2024-26672 – This is a NULL pointer dereference vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2024-26672?

CVE-2024-26672 has a CVSS score of 7.1 (HIGH). This is a NULL pointer dereference vulnerability in the Linux kernel's AMD GPU driver. It allows local attackers to cause a kernel panic (denial of service) by triggering the vulnerable code path. Systems with AMD GPUs running vulnerable Linux kernel versions are affected.

📋 TL;DR

This is a NULL pointer dereference vulnerability in the Linux kernel's AMD GPU driver. It allows local attackers to cause a kernel panic (denial of service) by triggering the vulnerable code path. Systems with AMD GPUs running vulnerable Linux kernel versions are affected.

💻 Affected Systems

Products:

Linux kernel with AMD GPU driver (amdgpu)

Versions: Linux kernel versions containing the vulnerable code before fixes in stable releases

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with AMD GPUs using the amdgpu driver. Requires local access to trigger.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

Local denial of service through kernel panic when malicious userspace process triggers the vulnerable code path.

🟢

If Mitigated

Minimal impact with proper access controls preventing local users from executing privileged operations.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable from network.

🏢 Internal Only: MEDIUM - Local users or compromised accounts could trigger denial of service on affected systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to trigger the specific driver function. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel stable releases containing commits 4f32504a2f85a7b40fe149436881381f48e9c0c0 or 7b5d58c07024516c0e81b95e98f37710cf402c53

Vendor Advisory: https://git.kernel.org/stable/c/4f32504a2f85a7b40fe149436881381f48e9c0c0

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict local user access

linux

Limit local user privileges to prevent triggering vulnerable driver functions

Implement proper user access controls
Use SELinux/AppArmor to restrict driver access

🧯 If You Can't Patch

Implement strict access controls to prevent local users from executing privileged operations
Monitor system logs for kernel panic events and investigate root causes

🔍 How to Verify

Check if Vulnerable:

Check if system has AMD GPU and vulnerable kernel version. Run: lspci | grep -i amd && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to patched release and system boots without issues

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in /var/log/kern.log or dmesg
System crash/reboot events
NULL pointer dereference errors

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "NULL pointer dereference" OR "amdgpu_mca_smu_get_mca_entry")

📊 Metadata

CVE ID: CVE-2024-26672

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-476

Published: April 2, 2024

Last Updated: April 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-26672, you might also want to check these: