CVE-2024-46810 – This CVE describes a NULL pointer dereference v... (How to Fix)

Q: What is the severity of CVE-2024-46810?

CVE-2024-46810 has a CVSS score of 5.5 (MEDIUM). This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's tc358767 display bridge driver. It occurs when the driver signals a Hot Plug Detect (HPD) event before the connector is fully initialized, potentially causing kernel crashes. Systems using affected Linux kernel versions with tc358767 bridge hardware are vulnerable.

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's tc358767 display bridge driver. It occurs when the driver signals a Hot Plug Detect (HPD) event before the connector is fully initialized, potentially causing kernel crashes. Systems using affected Linux kernel versions with tc358767 bridge hardware are vulnerable.

💻 Affected Systems

Products:

Linux kernel with tc358767 bridge driver

Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using tc358767 display bridge hardware. Most servers and headless systems are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.

🟠

Likely Case

System instability or crash when hot-plugging display devices, resulting in temporary denial of service.

🟢

If Mitigated

Minor system disruption requiring manual intervention to recover.

🌐 Internet-Facing: LOW - Requires local access or specific hardware interaction.

🏢 Internal Only: MEDIUM - Could affect workstations or servers with display hardware, but requires specific conditions.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering HPD events on vulnerable hardware, typically through physical interaction or specialized hardware control.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution. 2. Rebuild kernel if compiling from source with the fix commits. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable tc358767 module

linux

Prevent loading of the vulnerable driver if not needed

echo 'blacklist tc358767' >> /etc/modprobe.d/blacklist.conf
rmmod tc358767

Avoid hot-plugging displays

all

Prevent triggering the HPD event that causes the vulnerability

🧯 If You Can't Patch

Ensure systems don't use tc358767 bridge hardware
Implement strict physical access controls to prevent hardware manipulation

🔍 How to Verify

Check if Vulnerable:

Check if tc358767 module is loaded: lsmod | grep tc358767. Check kernel version against affected ranges.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check dmesg for tc358767-related errors after patch.

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages in dmesg/syslog
NULL pointer dereference errors mentioning tc358767 or drm_kms_helper

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("tc358767" OR "NULL pointer dereference")

📊 Metadata

CVE ID: CVE-2024-46810

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: September 27, 2024

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46810, you might also want to check these: