CVE-2024-39505 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/komeda: check for error-valued pointer komeda_pipeline_get_state() may return an error-valued pointer, thus check the pointer for negative or null value before dereferencing.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0674ed1e58e2fdcc155e7d944f8aad007a94ac69
https://git.kernel.org/stable/c/3b1cf943b029c147bfacfd53dc28ffa632c0a622
https://git.kernel.org/stable/c/86042e3d16b7e0686db835c9e7af0f9044dd3a56
https://git.kernel.org/stable/c/9460961d82134ceda7377b77a3e3e3531b625dfe
https://git.kernel.org/stable/c/99392c98b9be0523fe76944b2264b1847512ad23
https://git.kernel.org/stable/c/b880018edd3a577e50366338194dee9b899947e0
https://git.kernel.org/stable/c/bda7cdaeebf57e46c1a488ae7a15f6f264691f59
https://lore.kernel.org/linux-cve-announce/2024071205-CVE-2024-39505-8e03@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-39505
https://www.cve.org/CVERecord?id=CVE-2024-39505

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 12 Aug 2024 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20 CWE-476
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-12T12:20:37.633Z

Updated: 2024-09-11T17:34:40.002Z

Reserved: 2024-06-25T14:23:23.752Z

Link: CVE-2024-39505

Vulnrichment

Updated: 2024-09-11T12:42:25.080Z

NVD

Status : Awaiting Analysis

Published: 2024-07-12T13:15:12.887

Modified: 2024-07-12T16:34:58.687

Link: CVE-2024-39505

Redhat

Severity : Moderate

Publid Date: 2024-07-12T00:00:00Z

Links: CVE-2024-39505 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39505", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-25T14:23:23.752Z", "datePublished": "2024-07-12T12:20:37.633Z", "dateUpdated": "2024-09-11T17:34:40.002Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:50:57.150Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c"], "versions": [{"version": "502932a03fce", "lessThan": "0674ed1e58e2", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "bda7cdaeebf5", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "86042e3d16b7", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "3b1cf943b029", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "9460961d8213", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "99392c98b9be", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "b880018edd3a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0674ed1e58e2fdcc155e7d944f8aad007a94ac69"}, {"url": "https://git.kernel.org/stable/c/bda7cdaeebf57e46c1a488ae7a15f6f264691f59"}, {"url": "https://git.kernel.org/stable/c/86042e3d16b7e0686db835c9e7af0f9044dd3a56"}, {"url": "https://git.kernel.org/stable/c/3b1cf943b029c147bfacfd53dc28ffa632c0a622"}, {"url": "https://git.kernel.org/stable/c/9460961d82134ceda7377b77a3e3e3531b625dfe"}, {"url": "https://git.kernel.org/stable/c/99392c98b9be0523fe76944b2264b1847512ad23"}, {"url": "https://git.kernel.org/stable/c/b880018edd3a577e50366338194dee9b899947e0"}], "title": "drm/komeda: check for error-valued pointer", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.910Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0674ed1e58e2fdcc155e7d944f8aad007a94ac69", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bda7cdaeebf57e46c1a488ae7a15f6f264691f59", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/86042e3d16b7e0686db835c9e7af0f9044dd3a56", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3b1cf943b029c147bfacfd53dc28ffa632c0a622", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9460961d82134ceda7377b77a3e3e3531b625dfe", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/99392c98b9be0523fe76944b2264b1847512ad23", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b880018edd3a577e50366338194dee9b899947e0", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39505", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:06:57.867841Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:40.002Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39505", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-25T14:23:23.752Z", "datePublished": "2024-07-12T12:20:37.633Z", "dateUpdated": "2024-08-02T04:26:15.910Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:50:57.150Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/komeda: check for error-valued pointer\n\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c"], "versions": [{"version": "502932a03fce", "lessThan": "0674ed1e58e2", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "bda7cdaeebf5", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "86042e3d16b7", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "3b1cf943b029", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "9460961d8213", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "99392c98b9be", "status": "affected", "versionType": "git"}, {"version": "502932a03fce", "lessThan": "b880018edd3a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.279", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.221", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.162", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.95", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.35", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.6", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/0674ed1e58e2fdcc155e7d944f8aad007a94ac69"}, {"url": "https://git.kernel.org/stable/c/bda7cdaeebf57e46c1a488ae7a15f6f264691f59"}, {"url": "https://git.kernel.org/stable/c/86042e3d16b7e0686db835c9e7af0f9044dd3a56"}, {"url": "https://git.kernel.org/stable/c/3b1cf943b029c147bfacfd53dc28ffa632c0a622"}, {"url": "https://git.kernel.org/stable/c/9460961d82134ceda7377b77a3e3e3531b625dfe"}, {"url": "https://git.kernel.org/stable/c/99392c98b9be0523fe76944b2264b1847512ad23"}, {"url": "https://git.kernel.org/stable/c/b880018edd3a577e50366338194dee9b899947e0"}], "title": "drm/komeda: check for error-valued pointer", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39505", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:06:57.867841Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:25.080Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"bugzilla": {"description": "kernel: drm/komeda: check for error-valued pointer", "id": "2297477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297477"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "(CWE-476|CWE-20)", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/komeda: check for error-valued pointer\nkomeda_pipeline_get_state() may return an error-valued pointer, thus\ncheck the pointer for negative or null value before dereferencing."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-39505", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39505\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39505\nhttps://lore.kernel.org/linux-cve-announce/2024071205-CVE-2024-39505-8e03@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.4.279, kernel 5.10.221, kernel 5.15.162, kernel 6.1.95, kernel 6.6.35, kernel 6.9.6, kernel 6.10-rc4"}