Lucene search

K
redhatcveRedhat.comRH:CVE-2024-26979
HistoryMay 01, 2024 - 7:34 p.m.

CVE-2024-26979

2024-05-0119:34:25
redhat.com
access.redhat.com
3
linux kernel
vmwgfx
null pointer
dereference
vulnerability
fix
ant group
security lab
poc

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix possible null pointer derefence with invalid contexts vmw_context_cotable can return either an error or a null pointer and its usage sometimes went unchecked. Subsequent code would then try to access either a null pointer or an error value. The invalid dereferences were only possible with malformed userspace apps which never properly initialized the rendering contexts. Check the results of vmw_context_cotable to fix the invalid derefs. Thanks: ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab who was the first person to discover it. Niels De Graef who reported it and helped to track down the poc.

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%