CVE-2024-36897

low-risk
Published 2024-05-30

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DAL parses through the BIOS and extracts the necessary integrated_info but was missing a case for the new BIOS version 2.3.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (10)

Patch https://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c
Patch https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a
Patch https://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b
Patch https://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60
Patch https://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0
Patch https://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c
Patch https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a
Patch https://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b
Patch https://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60
Patch https://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal