OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip(). pending_needs_vblank value is set by mtk_crtc->event, but in mtk_drm_crtc_atomic_flush(), it's is not guarded by the same lock in mtk_drm_finish_page_flip(), thus a race condition happens. Consider the following case: CPU1 CPU2 step 1: mtk_drm_crtc_atomic_begin() mtk_crtc->event is not null, step 1: mtk_drm_crtc_atomic_flush: mtk_drm_crtc_update_config( !!mtk_crtc->event) step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip: lock mtk_crtc->event set to null, pending_needs_vblank set to false unlock pending_needs_vblank set to true, step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip called again, pending_needs_vblank is still true //null pointer Instead of guarding the entire mtk_drm_crtc_atomic_flush(), it's more efficient to just check if mtk_crtc->event is null before use.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535
https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49
https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710
https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340
https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a
https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e
https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b
https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7
https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lore.kernel.org/linux-cve-announce/2024041739-CVE-2024-26874-79b0@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26874
https://www.cve.org/CVERecord?id=CVE-2024-26874

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-17T10:27:33.278Z

Updated: 2024-11-05T09:17:23.474Z

Reserved: 2024-02-19T14:20:24.185Z

Link: CVE-2024-26874

Vulnrichment

Updated: 2024-08-02T00:21:04.219Z

NVD

Status : Awaiting Analysis

Published: 2024-04-17T11:15:09.670

Modified: 2024-11-21T09:03:16.010

Link: CVE-2024-26874

Redhat

Severity : Low

Publid Date: 2024-04-17T00:00:00Z

Links: CVE-2024-26874 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object