CVE-2024-46808 – This CVE describes a NULL pointer dereference v... (How to Fix)

Q: What is the severity of CVE-2024-46808?

CVE-2024-46808 has a CVSS score of 5.5 (MEDIUM). This CVE describes a NULL pointer dereference vulnerability in the AMD display driver component of the Linux kernel. The vulnerability occurs when kcalloc fails to allocate memory and returns NULL, which is then dereferenced without proper validation. This affects Linux systems with AMD graphics hardware using the affected kernel versions.

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the AMD display driver component of the Linux kernel. The vulnerability occurs when kcalloc fails to allocate memory and returns NULL, which is then dereferenced without proper validation. This affects Linux systems with AMD graphics hardware using the affected kernel versions.

💻 Affected Systems

Products:

Linux kernel with AMD display driver (drm/amd/display)

Versions: Specific kernel versions containing the vulnerable commit; exact range depends on distribution backports

Operating Systems: Linux distributions with affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires AMD graphics hardware and the affected display driver component to be loaded. Systems without AMD graphics or with the driver disabled are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.

🟠

Likely Case

System crash or kernel panic when specific display operations are performed, requiring system reboot.

🟢

If Mitigated

Minor system instability or application crashes if the vulnerable code path is triggered.

🌐 Internet-Facing: LOW - This requires local access to trigger the vulnerable display operations.

🏢 Internal Only: MEDIUM - Local users or processes with appropriate permissions could trigger the vulnerability, potentially causing system-wide disruption.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering specific display operations that cause memory allocation failure. This is typically a local vulnerability requiring user interaction or specific application behavior.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 5524fa301ba649f8cf00848f91468e0ba7e4f24c or ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e

Vendor Advisory: https://git.kernel.org/stable/c/5524fa301ba649f8cf00848f91468e0ba7e4f24c

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution's repositories. 2. Reboot the system to load the new kernel. 3. Verify the patch is applied by checking kernel version or commit hash.

🔧 Temporary Workarounds

Disable AMD display driver

linux

Prevent loading of the vulnerable AMD display driver module

echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

Restrict local user access to systems with AMD graphics hardware
Monitor system logs for kernel panic events related to display operations

🔍 How to Verify

Check if Vulnerable:

Check if your kernel version contains the vulnerable commit: 'git log --oneline | grep -E "5524fa301ba649f8cf00848f91468e0ba7e4f24c|ca0b0b0a22306f2e51105ac48f4a09c2fbbb504e"'

Check Version:

uname -r

Verify Fix Applied:

Verify the patched commit is present: 'uname -r' and check with your distribution's security advisories

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
NULL pointer dereference errors in dmesg
Display driver crash logs

Network Indicators:

None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "amdgpu")

📊 Metadata

CVE ID: CVE-2024-46808

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: September 27, 2024

Last Updated: October 2, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46808, you might also want to check these: