CVE-2024-49921
MEDIUM · 5.5
Static analysis catch repackaged as alarm; no PoC, no KEV, generic titles.
What: Null pointer dereference in AMD display driver (drm/amd/display) affecting Linux kernel; CVSS 5.5 (medium).
Why it matters: Coverity static analysis identified 10 potential null pointer dereference paths in display clock manager code. No KEV listing, no public PoC, no in-the-wild exploitation reported. Kernel patch merged October 2024 resolves the issue prophylactically.
Where it's seen: Social media posts (Bluesky) using formulaic, sensational titles ("Red Flags," "Serious Oversight," "Urgent Action") without technical detail or evidence of real-world impact. No defender activity, no vendor emergency patching signals noted.
RISK: MODERATE — Medium CVSS null pointer dereference in driver; requires specific code path; patch available.
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointers before used [WHAT & HOW] Pointers, such as dc->clk_mgr, are null checked previously in the same function, so Coverity warns "implies that "dc->clk_mgr" might be null". As a result, these pointers need to be checked when used again. This fixes 10 FORWARD_NULL issues reported by Coverity.
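The FORWARD_NULL shape the description refers to, shown as an added example that is not the kernel's code or the actual patch: a pointer is null-checked early in a function and then used again without a check. Only the names dc and clk_mgr come from the description; the struct fields and function names are hypothetical and simplified.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified stand-ins: only the names dc and clk_mgr come
 * from the advisory; the fields and functions are hypothetical. */
struct clk_mgr { int max_dispclk_khz; int cur_dispclk_khz; };
struct dc { struct clk_mgr *clk_mgr; };

/* Before: the early test tells the analyzer that clk_mgr may be NULL,
 * yet the later write on the same path is unguarded (FORWARD_NULL). */
int set_dispclk_before(struct dc *dc, int requested_khz)
{
    int limit = 0;

    if (dc->clk_mgr)                       /* implies "might be null" */
        limit = dc->clk_mgr->max_dispclk_khz;
    if (limit && requested_khz > limit)
        requested_khz = limit;

    dc->clk_mgr->cur_dispclk_khz = requested_khz;  /* faults if NULL */
    return requested_khz;
}

/* After: the pointer is checked again at the point of use. */
int set_dispclk_after(struct dc *dc, int requested_khz)
{
    int limit = 0;

    if (dc->clk_mgr)
        limit = dc->clk_mgr->max_dispclk_khz;
    if (limit && requested_khz > limit)
        requested_khz = limit;

    if (dc->clk_mgr)
        dc->clk_mgr->cur_dispclk_khz = requested_khz;
    return requested_khz;
}

int main(void)
{
    struct clk_mgr mgr = { 600000, 0 };
    struct dc with_mgr = { &mgr }, without_mgr = { NULL };

    printf("%d\n", set_dispclk_after(&with_mgr, 800000));    /* clamped */
    printf("%d\n", set_dispclk_after(&without_mgr, 800000)); /* no fault */
    return 0;
}
```

Both variants behave identically while clk_mgr is set; they differ only on the path where it is NULL, which is why the finding maps to an availability-only impact in the CVSS vector.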
CVSS 3.1 breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Attack vector: Local
- Complexity: Low
- Privileges required: Low
- User interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected versions
- linux/linux_kernel: < 6.11.3