Login Sign Up

CVE-2024-50049

5.5 MEDIUM
Denial of Service

📋 TL;DR

This CVE addresses a null pointer dereference vulnerability in the AMD display driver component of the Linux kernel. If exploited, it could cause a kernel panic or system crash, affecting systems running vulnerable Linux kernel versions with AMD graphics hardware. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux kernel with AMD display driver (drm/amd/display)
Versions: Specific vulnerable kernel versions referenced in the git commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD graphics hardware and the affected display driver component to be loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local denial of service causing kernel panic and system crash, potentially leading to data loss or service disruption.

🟠

Likely Case

System crash requiring reboot, causing temporary service interruption.

🟢

If Mitigated

Minimal impact with proper access controls limiting local user privileges.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable from internet.
🏢 Internal Only: MEDIUM - Malicious local users or compromised accounts could cause system crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and ability to trigger the vulnerable code path in the display driver.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the referenced git commits

Vendor Advisory: https://git.kernel.org/stable/c/65b2d49e55fe13ae56da3a7685bdccadca31134a

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Restrict local user access

linux

Limit local user privileges to reduce attack surface

# Implement least privilege principles
# Use sudo restrictions
# Monitor for privilege escalation attempts

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor systems for crash events and investigate any suspicious local user activity

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare against patched versions in git commits

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • System crash dumps
  • Unexpected reboots

Network Indicators:

  • None - local vulnerability

SIEM Query:

Search for kernel panic events or unexpected system reboots in system logs

📊 Metadata

CVE ID: CVE-2024-50049
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
Published: October 21, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50049, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2019-20914 9.8

This vulnerability in GNU LibreDWG is a NULL pointer dereference that can cause application crashes ...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)