CVE-2024-47720 – This CVE describes a null pointer dereference v... (How to Fix)

Q: What is the severity of CVE-2024-47720?

CVE-2024-47720 has a CVSS score of 5.5 (MEDIUM). This CVE describes a null pointer dereference vulnerability in the AMD display driver within the Linux kernel. If exploited, it could cause a kernel panic or system crash when specific display operations are performed. This affects Linux systems with AMD graphics hardware using the vulnerable driver.

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in the AMD display driver within the Linux kernel. If exploited, it could cause a kernel panic or system crash when specific display operations are performed. This affects Linux systems with AMD graphics hardware using the vulnerable driver.

💻 Affected Systems

Products:

Linux kernel with AMD GPU display driver (drm/amd/display)

Versions: Linux kernel versions containing the vulnerable dcn30_hwseq.c code before the fix commits

Operating Systems: Linux distributions with AMD GPU support

Default Config Vulnerable: ⚠️ Yes

Notes: Requires AMD graphics hardware and the vulnerable display driver code path to be triggered.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.

🟠

Likely Case

System crash or kernel panic when performing display operations with AMD graphics, resulting in denial of service.

🟢

If Mitigated

No impact if the null check prevents the dereference, or if the vulnerable code path isn't triggered.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access or privilege escalation to trigger.

🏢 Internal Only: MEDIUM - Local users or processes could trigger the crash, affecting system availability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM - Requires triggering specific display operations with null function pointer

Exploitation requires local access and ability to trigger the vulnerable display code path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2 or later

Vendor Advisory: https://git.kernel.org/stable/c/08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commit. 2. Reboot system to load new kernel. 3. Verify kernel version with 'uname -r'.

🔧 Temporary Workarounds

Disable AMD GPU driver module

linux

Prevent loading of the vulnerable AMD display driver module

echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

Restrict local user access to systems with AMD graphics
Monitor for kernel panics and system crashes related to display operations

🔍 How to Verify

Check if Vulnerable:

Check if running kernel contains vulnerable dcn30_hwseq.c code before fix commits

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commit 08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
System crash logs
AMD GPU driver error messages

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "NULL pointer dereference")

📊 Metadata

CVE ID: CVE-2024-47720

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: October 21, 2024

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47720, you might also want to check these: