CVE-2024-49905
📋 TL;DR
This CVE describes a null pointer dereference vulnerability in the AMD GPU display driver within the Linux kernel. If exploited, it could cause a kernel panic or system crash, affecting systems with AMD graphics hardware running vulnerable Linux kernel versions.
💻 Affected Systems
- Linux kernel with AMD GPU display driver (drm/amd/display)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or system instability.
Likely Case
System crash or instability when specific cursor update operations are performed with AMD graphics hardware.
If Mitigated
Minor system instability that may require reboot, but no privilege escalation or data compromise.
🎯 Exploit Status
Exploitation requires local access and specific conditions to trigger the null pointer dereference in cursor update operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions containing commit 75839e2365b666ff4e1b9047e442cab138eac4f6 or later
Vendor Advisory: https://git.kernel.org/stable/c/75839e2365b666ff4e1b9047e442cab138eac4f6
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commit
2. Rebuild kernel if compiling from source
3. Reboot system to load patched kernel
🔧 Temporary Workarounds
Disable AMD GPU driver module
linuxPrevent loading of the vulnerable AMD display driver module
echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with AMD graphics hardware
- Monitor system logs for kernel panic events related to display driver
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if AMD GPU driver is loaded: lsmod | grep amdgpuCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commit or check /proc/version for patched kernel version📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System crash logs
- AMD GPU driver error messages in dmesg
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "amdgpu")🔗 References
- https://git.kernel.org/stable/c/75839e2365b666ff4e1b9047e442cab138eac4f6
- https://git.kernel.org/stable/c/9132882eaae4d21d2fc5843b3308379a481ebdf0
- https://git.kernel.org/stable/c/bd0e24e5e608ccb9fdda300bb974496d6d8cf57d
- https://git.kernel.org/stable/c/cd9e9e0852d501f169aa3bb34e4b413d2eb48c37
- https://git.kernel.org/stable/c/e4e26cbe34d7c1c1db5fb7b3101573c29866439f
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
