CVE - CVE-2024-26874

CVE-ID
CVE-2024-26874	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip(). pending_needs_vblank value is set by mtk_crtc->event, but in mtk_drm_crtc_atomic_flush(), it's is not guarded by the same lock in mtk_drm_finish_page_flip(), thus a race condition happens. Consider the following case: CPU1 CPU2 step 1: mtk_drm_crtc_atomic_begin() mtk_crtc->event is not null, step 1: mtk_drm_crtc_atomic_flush: mtk_drm_crtc_update_config( !!mtk_crtc->event) step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip: lock mtk_crtc->event set to null, pending_needs_vblank set to false unlock pending_needs_vblank set to true, step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip called again, pending_needs_vblank is still true //null pointer Instead of guarding the entire mtk_drm_crtc_atomic_flush(), it's more efficient to just check if mtk_crtc->event is null before use.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535 URL:https://git.kernel.org/stable/c/3fc88b246a2fc16014e374040fc15af1d3752535 MISC:https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49 URL:https://git.kernel.org/stable/c/4688be96d20ffa49d2186523ee84f475f316fd49 MISC:https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710 URL:https://git.kernel.org/stable/c/9acee29a38b4d4b70f1f583e5ef9a245db4db710 MISC:https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340 URL:https://git.kernel.org/stable/c/9beec711a17245b853d64488fd5b739031612340 MISC:https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a URL:https://git.kernel.org/stable/c/a3dd12b64ae8373a41a216a0b621df224210860a MISC:https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e URL:https://git.kernel.org/stable/c/accdac6b71d5a2b84040c3d2234f53a60edc398e MISC:https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b URL:https://git.kernel.org/stable/c/c958e86e9cc1b48cac004a6e245154dfba8e163b MISC:https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7 URL:https://git.kernel.org/stable/c/d2bd30c710475b2e29288827d2c91f9e6e2b91d7 MISC:https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731 URL:https://git.kernel.org/stable/c/dfde84cc6c589f2a9f820f12426d97365670b731
Assigning CNA
kernel.org
Date Record Created
20240219	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)