CVE-2024-38549 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: Add 0 size check to mtk_drm_gem_obj

Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object
of 0 bytes. Currently, no such check exists and the kernel will panic if
a userspace application attempts to allocate a 0x0 GBM buffer.

Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and
verifying that we now return EINVAL.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0001.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4
https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05
https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0
https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364
https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7
https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594
https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67
https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350
https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405
https://lore.kernel.org/linux-cve-announce/2024061950-CVE-2024-38549-6ae4@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38549
https://www.cve.org/CVERecord?id=CVE-2024-38549

History

Tue, 05 Nov 2024 10:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 27 Aug 2024 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-19T13:35:22.042Z

Updated: 2025-05-04T09:13:46.917Z

Reserved: 2024-06-18T19:36:34.920Z

Link: CVE-2024-38549

Vulnrichment

Updated: 2024-08-02T04:12:25.182Z

NVD

Status : Modified

Published: 2024-06-19T14:15:15.163

Modified: 2024-11-21T09:26:19.140

Link: CVE-2024-38549

Redhat

Severity : Low

Publid Date: 2024-06-19T00:00:00Z

Links: CVE-2024-38549 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object