Login Sign Up

CVE-2024-43908

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in the AMD GPU driver within the Linux kernel. An attacker could potentially cause a kernel panic or system crash by triggering this condition. Systems using AMD GPUs with the affected driver are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with AMD GPU driver (drm/amdgpu)
Versions: Specific kernel versions containing the vulnerable commit; check stable kernel trees for exact ranges.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with AMD GPUs using the amdgpu driver. Requires the RAS (Reliability, Availability, Serviceability) feature to be relevant.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to denial of service (system crash), potentially allowing limited information disclosure or privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

System crash or instability requiring reboot, causing temporary denial of service.

🟢

If Mitigated

Minimal impact with proper kernel hardening and privilege separation.

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on the system.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could crash systems, but requires existing access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM - Requires local access and ability to trigger specific driver conditions.

Exploitation requires triggering the null pointer dereference through driver interactions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in stable kernel versions via commits: 033187a70ba9, 48cada0ac79e, 4c11d30c9557, 56e848034cca, b89616333979

Vendor Advisory: https://git.kernel.org/stable/c/033187a70ba9743c73a810a006816e5553d1e7d4

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable AMD GPU RAS feature

linux

If RAS feature not needed, disable it to avoid vulnerable code path.

echo 'options amdgpu ras_enable=0' > /etc/modprobe.d/amdgpu-ras-disable.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Restrict local user access to systems with AMD GPUs
  • Implement kernel hardening (mmap_min_addr, SELinux/AppArmor) to limit impact

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if amdgpu module is loaded: lsmod | grep amdgpu && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched by checking git commit history or distribution security updates.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • amdgpu driver crash in dmesg/kern.log
  • NULL pointer dereference errors

Network Indicators:

  • None - local vulnerability

SIEM Query:

source="kernel" AND ("amdgpu" OR "NULL pointer dereference")

📊 Metadata

CVE ID: CVE-2024-43908
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: August 26, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43908, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)