CVE-2024-38549

CVSS v3.1 5.5 (Medium)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 27

NVD Status Analyzed

In the Linux kernel, the following vulnerability has been resolved:

drm/mediatek: Add 0 size check to mtk_drm_gem_obj

Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object
of 0 bytes. Currently, no such check exists and the kernel will panic if
a userspace application attempts to allocate a 0x0 GBM buffer.

Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and
verifying that we now return EINVAL.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: kernel.org
Published Date: 2024-06-19 14:15:15
(2 months ago)
Updated Date: 2024-08-27 19:57:48
(2 weeks ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.7 version and prior 4.19.316 version	cpe:2.3:o:linux:linux_kernel	>= 4.7	< 4.19.316
Linux Kernel from 4.20 version and prior 5.4.278 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.4.278
Linux Kernel from 5.5 version and prior 5.10.219 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.10.219
Linux Kernel from 5.11 version and prior 5.15.161 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.161
Linux Kernel from 5.16 version and prior 6.1.93 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.93
Linux Kernel from 6.2 version and prior 6.6.33 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.6.33
Linux Kernel from 6.7 version and prior 6.8.12 version	cpe:2.3:o:linux:linux_kernel	>= 6.7	< 6.8.12
Linux Kernel from 6.9 version and prior 6.9.3 version	cpe:2.3:o:linux:linux_kernel	>= 6.9	< 6.9.3