CVE-2024-43899
📋 TL;DR
A null pointer dereference vulnerability in the AMD GPU display driver for Linux kernels allows local attackers to cause a kernel panic and system crash. This affects systems with AMD DCN401 dGPUs running vulnerable Linux kernel versions. The vulnerability is triggered during fullscreen video playback with specific media player configurations.
💻 Affected Systems
- Linux kernel with AMD GPU display driver (amdgpu)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Local denial of service causing kernel panic and system crash, potentially leading to data loss or corruption if unsaved work exists.
Likely Case
System crash requiring reboot when users trigger the specific video playback scenario described in the CVE.
If Mitigated
No impact if patched or if the vulnerable code path is not triggered.
🎯 Exploit Status
Exploitation requires local user to run mpv with specific parameters and trigger fullscreen playback.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel patches: 6940c1d0c84a34d5a2038714c218238101a1db5b, 974fccd61758599a9716c4b909d9226749efe37e, ecbf60782662f0a388493685b85a645a0ba1613c
Vendor Advisory: https://git.kernel.org/stable/c/6940c1d0c84a34d5a2038714c218238101a1db5b
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix.
2. For Ubuntu: sudo apt update && sudo apt upgrade linux-image-generic
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid triggering vulnerable code path
Prevent users from running mpv with the specific parameters that trigger the vulnerability.
Disable AMD GPU hardware acceleration
Temporarily disable hardware video acceleration to avoid the vulnerable code path.
echo 'options amdgpu dc=0' | sudo tee /etc/modprobe.d/amdgpu-disable.conf
sudo update-initramfs -u
sudo reboot
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable configurations.
- Implement monitoring for kernel panic events related to amdgpu driver.
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if system has AMD DCN401 dGPU: lspci | grep -i amd && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated and test the specific mpv playback scenario that previously caused crashes.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages with 'BUG: kernel NULL pointer dereference'
- Call traces containing 'dcn20_get_dcc_compression_cap' or 'amdgpu' driver functions
- System crash/reboot events following video playback
SIEM Query:
event_type:kernel_panic AND message:*NULL pointer dereference* AND message:*amdgpu*
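The log indicators above can be correlated per oops rather than matched line by line. The following is an added example, not code from the kernel project or this advisory; the function name, the sample log and the `example_other_driver_fn` symbol are constructed for illustration.

```python
import re

# Indicators from the "Log Indicators" list on this page.
OOPS_HEADER = "BUG: kernel NULL pointer dereference"
DRIVER_MARKERS = ("dcn20_get_dcc_compression_cap", "amdgpu")
END_OF_TRACE = "---[ end trace"
# Drops any syslog prefix plus the "[  181.843989]" kernel timestamp.
PREFIX = re.compile(r"^.*?\[\s*\d+\.\d+\]\s*")


def find_amdgpu_null_derefs(lines):
    """Return NULL-dereference oopses whose own trace names the driver."""
    blocks, current = [], None
    for raw in lines:
        msg = PREFIX.sub("", raw.rstrip("\n"), count=1)
        if OOPS_HEADER in msg:
            current = {"header": msg, "markers": set()}
            blocks.append(current)
        elif current is not None:
            # "Modules linked in:" lists every loaded module, so amdgpu shows
            # up there even when another driver crashed; skip that line.
            if not msg.startswith("Modules linked in:"):
                current["markers"].update(m for m in DRIVER_MARKERS if m in msg)
            if END_OF_TRACE in msg:
                current = None
    return [{"header": b["header"], "markers": sorted(b["markers"])}
            for b in blocks if b["markers"]]


# Constructed sample (not a real capture): one oops inside amdgpu, one in an
# unrelated, made-up module on the same machine.
SAMPLE_LOG = """\
[   12.100000] amdgpu 0000:03:00.0: amdgpu: constructed init message
[  181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  181.843997] Modules linked in: amdgpu snd_hda_intel
[  181.844010] Call Trace:
[  181.844015]  dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]
[  181.844020] ---[ end trace 0000000000000000 ]---
[  300.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  300.000005] Modules linked in: amdgpu snd_hda_intel
[  300.000012]  example_other_driver_fn+0x10/0x40 [example_mod]
[  300.000015] ---[ end trace 0000000000000000 ]---
""".splitlines()

if __name__ == "__main__":
    for hit in find_amdgpu_null_derefs(SAMPLE_LOG):
        print(hit["header"], "->", ", ".join(hit["markers"]))
```

Feed it the output of `dmesg` or `journalctl -k` split into lines; only the first oops in the sample is reported, because the second names amdgpu only in its module list.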