{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26938", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.196Z", "datePublished": "2024-05-01T05:17:40.173Z", "dateUpdated": "2024-11-05T09:18:32.651Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:18:32.651Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()\n\nIf we have no VBT, or the VBT didn't declare the encoder\nin question, we won't have the 'devdata' for the encoder.\nInstead of oopsing just bail early.\n\nWe won't be able to tell whether the port is DP++ or not,\nbut so be it.\n\n(cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/i915/display/intel_bios.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "72e4d3fb72e9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "a891add409e3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f4bbac954d8f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "94cf2fb6fecc", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "32e39bab5993", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/i915/display/intel_bios.c"], "versions": [{"version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6"}, {"url": "https://git.kernel.org/stable/c/a891add409e3bc381f4f68c2ce9d953f1865cb1f"}, {"url": "https://git.kernel.org/stable/c/f4bbac954d8f9ab214ea1d4f385de4fa6bd92dd0"}, {"url": "https://git.kernel.org/stable/c/94cf2fb6feccd625e5b4e23e1b70f39a206f82ac"}, {"url": "https://git.kernel.org/stable/c/32e39bab59934bfd3f37097d4dd85ac5eb0fd549"}], "title": "drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.836Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a891add409e3bc381f4f68c2ce9d953f1865cb1f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f4bbac954d8f9ab214ea1d4f385de4fa6bd92dd0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/94cf2fb6feccd625e5b4e23e1b70f39a206f82ac", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/32e39bab59934bfd3f37097d4dd85ac5eb0fd549", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26938", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:45:49.016568Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:52.443Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a891add409e3bc381f4f68c2ce9d953f1865cb1f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f4bbac954d8f9ab214ea1d4f385de4fa6bd92dd0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/94cf2fb6feccd625e5b4e23e1b70f39a206f82ac", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/32e39bab59934bfd3f37097d4dd85ac5eb0fd549", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.836Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26938", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:45:49.016568Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:19.349Z"}}], "cna": {"title": "drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "72e4d3fb72e9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "a891add409e3", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f4bbac954d8f", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "94cf2fb6fecc", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "32e39bab5993", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/i915/display/intel_bios.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.1.84", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/i915/display/intel_bios.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6"}, {"url": "https://git.kernel.org/stable/c/a891add409e3bc381f4f68c2ce9d953f1865cb1f"}, {"url": "https://git.kernel.org/stable/c/f4bbac954d8f9ab214ea1d4f385de4fa6bd92dd0"}, {"url": "https://git.kernel.org/stable/c/94cf2fb6feccd625e5b4e23e1b70f39a206f82ac"}, {"url": "https://git.kernel.org/stable/c/32e39bab59934bfd3f37097d4dd85ac5eb0fd549"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()\n\nIf we have no VBT, or the VBT didn't declare the encoder\nin question, we won't have the 'devdata' for the encoder.\nInstead of oopsing just bail early.\n\nWe won't be able to tell whether the port is DP++ or not,\nbut so be it.\n\n(cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:18:32.651Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26938", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:18:32.651Z", "dateReserved": "2024-02-19T14:20:24.196Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T05:17:40.173Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()\n\nIf we have no VBT, or the VBT didn't declare the encoder\nin question, we won't have the 'devdata' for the encoder.\nInstead of oopsing just bail early.\n\nWe won't be able to tell whether the port is DP++ or not,\nbut so be it.\n\n(cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)"}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Si no tenemos VBT, o el VBT no declar\u00f3 el codificador en cuesti\u00f3n, no tendremos los 'devdata' para el codificador. En lugar de huir, simplemente sal de la c\u00e1rcel antes de tiempo. No podremos saber si el puerto es DP++ o no, pero que as\u00ed sea. (cereza escogida del compromiso 26410896206342c8a80d2b027923e9ee7d33b733)"}], "id": "CVE-2024-26938", "lastModified": "2024-05-01T13:02:20.750", "metrics": {}, "published": "2024-05-01T06:15:09.077", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/32e39bab59934bfd3f37097d4dd85ac5eb0fd549"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/94cf2fb6feccd625e5b4e23e1b70f39a206f82ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a891add409e3bc381f4f68c2ce9d953f1865cb1f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f4bbac954d8f9ab214ea1d4f385de4fa6bd92dd0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()", "id": "2278229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278229"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()\nIf we have no VBT, or the VBT didn't declare the encoder\nin question, we won't have the 'devdata' for the encoder.\nInstead of oopsing just bail early.\nWe won't be able to tell whether the port is DP++ or not,\nbut so be it.\n(cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)"], "name": "CVE-2024-26938", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26938\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26938\nhttps://lore.kernel.org/linux-cve-announce/2024050124-CVE-2024-26938-b3f9@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.84, kernel 6.6.24, kernel 6.7.12, kernel 6.8.3, kernel 6.9-rc2"}