CVE-2024-53060
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53060 is a potential NULL pointer dereference in the Linux kernel's drm/amdgpu driver. When the acpi_evaluate_object() function returns AE_NOT_FOUND, buffer.pointer (obj) is dereferenced even when it is NULL. Although this situation might be unlikely in the current code, the driver should not rely on that. The fix addresses one reported FORWARD_NULL problem (Coverity Report: CID 1600951) by bailing out when the status is AE_NOT_FOUND. This change was implemented in commit 91c9e221fe2553edf2db71627d8453f083de87a1.
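A simplified user-space model of the pattern described in the summary, added here as an illustration; it is not the amdgpu driver code or the upstream patch. All names (model_evaluate, MODEL_NOT_FOUND and so on) are constructed stand-ins for acpi_evaluate_object(), AE_NOT_FOUND and the ACPI object types, and the exact pre-fix status check is an assumption.

```c
#include <stdlib.h>

/* Constructed stand-ins, not the kernel's ACPI definitions. */
enum model_status { MODEL_OK, MODEL_NOT_FOUND, MODEL_ERROR };
enum { MODEL_TYPE_BUFFER = 3 };
struct model_obj { int type; };
struct model_buffer { void *pointer; };

/* Plays the role of acpi_evaluate_object(): a failure leaves buf NULL. */
static enum model_status model_evaluate(enum model_status outcome,
                                        struct model_buffer *buf)
{
    struct model_obj *o = NULL;

    if (outcome == MODEL_OK && (o = malloc(sizeof(*o))) == NULL)
        outcome = MODEL_ERROR;
    if (o)
        o->type = MODEL_TYPE_BUFFER;
    buf->pointer = o;
    return outcome;
}

/* Pre-fix shape (assumed): not-found does not bail out, so obj can be NULL.
 * Returns 1 where obj->type would be read through NULL (reported, not done). */
int prefix_reaches_null_use(enum model_status outcome)
{
    struct model_buffer buf;
    enum model_status st = model_evaluate(outcome, &buf);
    struct model_obj *obj = buf.pointer;
    int null_use = (obj == NULL);
    if (st != MODEL_OK && st != MODEL_NOT_FOUND)
        return 0;              /* failed call: obj is NULL, nothing to free */
    free(obj);                 /* the driver would read obj->type here */
    return null_use;
}

/* Fixed shape: every failure, not-found included, bails out first. */
int fixed_read_type(enum model_status outcome, int *type_out)
{
    struct model_buffer buf;
    struct model_obj *obj;
    if (model_evaluate(outcome, &buf) != MODEL_OK)
        return -1;
    obj = buf.pointer;
    *type_out = obj->type;     /* safe: obj is non-NULL on success */
    free(obj);
    return 0;
}

int main(void) { return prefix_reaches_null_use(MODEL_NOT_FOUND) ? 0 : 1; }
```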
Affected Products
- Linux Kernel
Affected Vendors
- LINUX