CVE-2024-46802 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd
https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5
https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9
https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c
https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-46802
https://www.cve.org/CVERecord?id=CVE-2024-46802

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0005}`	epss `{'score': 0.00052}`

Mon, 07 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Sun, 29 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 28 Sep 2024 01:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-46802 https://www.cve.org/CVERecord?id=CVE-2024-46802
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 27 Sep 2024 12:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL
Title		drm/amd/display: added NULL check at start of dc_validate_stream
References		https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5 https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9 https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-09-27T12:35:48.311Z

Updated: 2025-07-11T17:20:32.325Z

Reserved: 2024-09-11T15:12:18.281Z

Link: CVE-2024-46802

Vulnrichment

Updated: 2024-09-29T14:21:07.943Z

NVD

Status : Analyzed

Published: 2024-09-27T13:15:13.483

Modified: 2024-10-07T14:21:55.687

Link: CVE-2024-46802

Redhat

Severity : Moderate

Publid Date: 2024-09-27T00:00:00Z

Links: CVE-2024-46802 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46802", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.281Z", "datePublished": "2024-09-27T12:35:48.311Z", "dateUpdated": "2025-07-11T17:20:32.325Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-11T17:20:32.325Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/core/dc_resource.c"], "versions": [{"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c", "lessThan": "356fcce9cdbfe338a275e9e1836adfdd7f5c52a9", "status": "affected", "versionType": "git"}, {"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c", "lessThan": "154a50bf4221a6a6ccf88d565b8184da7c40a2dd", "status": "affected", "versionType": "git"}, {"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c", "lessThan": "6bf920193ba1853bad780bba565a789246d9003c", "status": "affected", "versionType": "git"}, {"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c", "lessThan": "26c56049cc4f1705b498df013949427692a4b0d5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/core/dc_resource.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.109", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.50", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.9", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.1.109"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.6.50"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.10.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9"}, {"url": "https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd"}, {"url": "https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c"}, {"url": "https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5"}], "title": "drm/amd/display: added NULL check at start of dc_validate_stream", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-29T14:21:06.742919Z", "id": "CVE-2024-46802", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:21:18.597Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46802", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-29T14:21:06.742919Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-29T14:21:07.943Z"}}], "cna": {"title": "drm/amd/display: added NULL check at start of dc_validate_stream", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c", "lessThan": "356fcce9cdbfe338a275e9e1836adfdd7f5c52a9", "versionType": "git"}, {"status": "affected", "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c", "lessThan": "154a50bf4221a6a6ccf88d565b8184da7c40a2dd", "versionType": "git"}, {"status": "affected", "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c", "lessThan": "6bf920193ba1853bad780bba565a789246d9003c", "versionType": "git"}, {"status": "affected", "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c", "lessThan": "26c56049cc4f1705b498df013949427692a4b0d5", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/display/dc/core/dc_resource.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.15"}, {"status": "unaffected", "version": "0", "lessThan": "4.15", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.109", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.50", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.9", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/display/dc/core/dc_resource.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9"}, {"url": "https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd"}, {"url": "https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c"}, {"url": "https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.109", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.50", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.9", "versionStartIncluding": "4.15"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "4.15"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-07-11T17:20:32.325Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46802", "state": "PUBLISHED", "dateUpdated": "2025-07-11T17:20:32.325Z", "dateReserved": "2024-09-11T15:12:18.281Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-27T12:35:48.311Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFD3BACD-EA1D-4437-A135-A3E7A761F54F", "versionEndExcluding": "6.1.109", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536", "versionEndExcluding": "6.6.50", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B", "versionEndExcluding": "6.10.9", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: added NULL check at start of dc_validate_stream\n\n[Why]\nprevent invalid memory access\n\n[How]\ncheck if dc and stream are NULL"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: se agreg\u00f3 una comprobaci\u00f3n NULL al inicio de dc_validate_stream [Por qu\u00e9] evitar el acceso no v\u00e1lido a la memoria [C\u00f3mo] comprobar si dc y stream son NULL"}], "id": "CVE-2024-46802", "lastModified": "2024-10-07T14:21:55.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-27T13:15:13.483", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/amd/display: added NULL check at start of dc_validate_stream", "id": "2315153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315153"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: added NULL check at start of dc_validate_stream\n[Why]\nprevent invalid memory access\n[How]\ncheck if dc and stream are NULL"], "name": "CVE-2024-46802", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46802\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46802\nhttps://lore.kernel.org/linux-cve-announce/2024092706-CVE-2024-46802-c5e1@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object