CVE-2024-26649

2024-03-2600:00:00

ubuntu.com

linux kernel

cve-2024-26649

vulnerability

drm/amdgpu

null pointer

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware
is invalid because of wrong header size, the pointer to the rlc firmware is
released in function amdgpu_ucode_request. There will be a null pointer
error in subsequent use. So skip validation to fix it.

Notes

Author	Note
rodrigo-zaiden	USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchlinux< 6.5.0-41.41UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1021.21UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu23.10noarchlinux-azure< 6.5.0-1022.23UNKNOWN
ubuntu22.04noarchlinux-azure-6.5< 6.5.0-1022.23~22.04.1UNKNOWN
ubuntu23.10noarchlinux-gcp< 6.5.0-1022.24UNKNOWN
ubuntu22.04noarchlinux-gcp-6.5< 6.5.0-1022.24~22.04.1UNKNOWN
ubuntu22.04noarchlinux-hwe-6.5< 6.5.0-41.41~22.04.2UNKNOWN
ubuntu23.10noarchlinux-laptop< 6.5.0-1017.20UNKNOWN
ubuntu23.10noarchlinux-lowlatency< 6.5.0-41.41.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	linux	< 6.5.0-41.41	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< 6.5.0-1021.21	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< 6.5.0-1022.23	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< 6.5.0-1022.23~22.04.1	UNKNOWN
ubuntu	23.10	noarch	linux-gcp	< 6.5.0-1022.24	UNKNOWN
ubuntu	22.04	noarch	linux-gcp-6.5	< 6.5.0-1022.24~22.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-hwe-6.5	< 6.5.0-41.41~22.04.2	UNKNOWN
ubuntu	23.10	noarch	linux-laptop	< 6.5.0-1017.20	UNKNOWN
ubuntu	23.10	noarch	linux-lowlatency	< 6.5.0-41.41.1	UNKNOWN