Lucene search

Redhat.comRH:CVE-2024-36897

HistoryJun 03, 2024 - 1:32 p.m.

CVE-2024-36897

2024-06-0313:32:57

redhat.com

access.redhat.com

linux kernel

vulnerability

drm/amd/display

atom integrated system info

dcn35

kmd/vbios

uma carveout

null dereference

bios version 2.3

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DAL parses through the BIOS and extracts the necessary integrated_info but was missing a case for the new BIOS version 2.3.

References

bugzilla.redhat.com/show_bug.cgi?id=2284553

lore.kernel.org/linux-cve-announce/2024053035-CVE-2024-36897-55ba@gregkh/T

nvd.nist.gov/vuln/detail/CVE-2024-36897

www.cve.org/CVERecord?id=CVE-2024-36897

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for RH:CVE-2024-36897