CVE-2024-43908:CVE-2024-43908 is a vulnerability in the Linux kernel related to a null pointer dereference in the drm/amdgpu driver's ras_manager.

splash
Back

Description Preview

In the Linux kernel, specifically in the drm/amdgpu driver, a vulnerability has been identified that could lead to a null pointer dereference in the ras_manager component. This vulnerability could potentially be exploited by an attacker to cause a denial of service or execute arbitrary code on the affected system.

Overview

This vulnerability affects the Linux kernel's drm/amdgpu driver, specifically in the amdgpu_ras.c file. The issue arises from a lack of proper validation before using the ras_manager, leading to a null pointer dereference.

Remediation

To remediate this vulnerability, users are advised to update their Linux kernel to a version that includes the necessary fixes. The affected versions of the Linux kernel are listed below:

  • Versions less than ff5c4eb71ee8951c789b079f6e948f86708b04ed
  • Versions less than d81c1eeb333d84b3012a91c0500189dc1d71e46c
  • Versions less than 56e848034ccabe44e8f22ffcf49db771c17b0d0a
  • Versions less than 48cada0ac79e4775236d642e9ec5998a7c7fb7a4
  • Versions less than b89616333979114bb0da5fa40fb6e4a2f5294ca2
  • Versions less than 033187a70ba9743c73a810a006816e5553d1e7d4
  • Versions less than 4c11d30c95576937c6c35e6f29884761f2dddb43

Additionally, users should ensure that their Linux kernel is updated to the following versions or later to be considered unaffected:

  • Version 5.4.282 or later
  • Version 5.10.224 or later
  • Version 5.15.165 or later
  • Version 6.1.105 or later
  • Version 6.6.46 or later
  • Version 6.10.5 or later
  • Version 6.11 or later

References

  1. Git commit for fixing the vulnerability in affected versions: Link
  2. Git commit for fixing the vulnerability in affected versions: Link
  3. Git commit for fixing the vulnerability in affected versions: Link
  4. Git commit for fixing the vulnerability in affected versions: Link
  5. Git commit for fixing the vulnerability in affected versions: Link
  6. Git commit for fixing the vulnerability in affected versions: Link
  7. Git commit for fixing the vulnerability in affected versions: Link

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
    Manufacturing
  2. Health Care & Social Assistance
    Health Care & Social Assistance
  3. Public Administration
    Public Administration
  4. Finance and Insurance
    Finance and Insurance
  5. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  6. Educational Services
    Educational Services
  7. Transportation & Warehousing
    Transportation & Warehousing
  8. Management of Companies & Enterprises
    Management of Companies & Enterprises
  9. Other Services (except Public Administration)
    Other Services (except Public Administration)
  10. Retail Trade
    Retail Trade
  11. Utilities
    Utilities
  12. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  13. Information
    Information
  14. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  15. Construction
    Construction
  16. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  17. Wholesale Trade
    Wholesale Trade
  18. Accommodation & Food Services
    Accommodation & Food Services
  19. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  20. Mining
    Mining

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background