CVE-2024-49911

low-risk

Published 2024-10-21

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn20_set_output_transfer_func function. Previously, set_output_gamma was being checked for null at line 1030, but then it was being dereferenced without any null check at line 1048. This could potentially lead to a null pointer dereference error if set_output_gamma is null. To fix this, we now ensure that set_output_gamma is not null before dereferencing it. We do this by adding a null check for set_output_gamma before the call to set_output_gamma at line 1048.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/02411e9359297512946705b1cd8cf5e6b0806fa0

Patch https://git.kernel.org/stable/c/62ed6f0f198da04e884062264df308277628004f

Patch https://git.kernel.org/stable/c/827380b114f83c30b3e56d1a675980b6d65f7c88

https://git.kernel.org/stable/c/8c854138b593efbbd8fa46a25f3288c121c1d1a1

https://git.kernel.org/stable/c/e8a24767899c86f4c5f1e4d3b2608942d054900f

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal