{"uuid": "ff71bd3d-c47c-43e0-be7a-cc5aaa2ca4d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-47720", "type": "seen", "source": "https://t.me/cvedetector/8457", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47720 - AMD display driver null pointer dereference vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-47720 \nPublished : Oct. 21, 2024, 12:15 p.m. | 41\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func \n \nThis commit adds a null check for the set_output_gamma function pointer \nin the dcn30_set_output_transfer_func function. Previously, \nset_output_gamma was being checked for nullity at line 386, but then it \nwas being dereferenced without any nullity check at line 401. This \ncould potentially lead to a null pointer dereference error if \nset_output_gamma is indeed null. \n \nTo fix this, we now ensure that set_output_gamma is not null before \ndereferencing it. We do this by adding a nullity check for \nset_output_gamma before the call to set_output_gamma at line 401. If \nset_output_gamma is null, we log an error message and do not call the \nfunction. \n \nThis fix prevents a potential null pointer dereference error. \n \ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c:401 dcn30_set_output_transfer_func() \nerror: we previously assumed 'mpc->funcs->set_output_gamma' could be null (see line 386) \n \ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn30/dcn30_hwseq.c \n 373 bool dcn30_set_output_transfer_func(struct dc *dc, \n 374 struct pipe_ctx *pipe_ctx, \n 375 const struct dc_stream_state *stream) \n 376 { \n 377 int mpcc_id = pipe_ctx->plane_res.hubp->inst; \n 378 struct mpc *mpc = pipe_ctx->stream_res.opp->ctx->dc->res_pool->mpc; \n 379 const struct pwl_params *params = NULL; \n 380 bool ret = false; \n 381 \n 382 /* program OGAM or 3DLUT only for the top pipe*/ \n 383 if (pipe_ctx->top_pipe == NULL) { \n 384 /*program rmu shaper and 3dlut in MPC*/ \n 385 ret = dcn30_set_mpc_shaper_3dlut(pipe_ctx, stream); \n 386 if (ret == false && mpc->funcs->set_output_gamma) { \n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If this is NULL \n \n 387 if (stream->out_transfer_func.type == TF_TYPE_HWPWL) \n 388 params = &stream->out_transfer_func.pwl; \n 389 else if (pipe_ctx->stream->out_transfer_func.type == \n 390 TF_TYPE_DISTRIBUTED_POINTS && \n 391 cm3_helper_translate_curve_to_hw_format( \n 392 &stream->out_transfer_func, \n 393 &mpc->blender_params, false)) \n 394 params = &mpc->blender_params; \n 395 /* there are no ROM LUTs in OUTGAM */ \n 396 if (stream->out_transfer_func.type == TF_TYPE_PREDEFINED) \n 397 BREAK_TO_DEBUGGER(); \n 398 } \n 399 } \n 400 \n--> 401 mpc->funcs->set_output_gamma(mpc, mpcc_id, params); \n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Then it will crash \n \n 402 return ret; \n 403 } \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"21 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T15:09:38.000000Z"}