CVE-2024-26938
Last modified
CVE-2024-26938 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We won't be able to tell whether the port is DP++ or not, but so be it. (cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733). EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We won't be able to tell whether the port is DP++ or not, but so be it. (cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | < 6.1.84 | — |
| Linux | Linux Kernel | >= 6.2, < 6.6.24 | — |
| Linux | Linux Kernel | >= 6.7, < 6.7.12 | — |
| Linux | Linux Kernel | >= 6.8, < 6.8.3 | — |
| Linux | Linux Kernel | 6.9 | Rc1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-26938?
How severe is CVE-2024-26938?
How do I fix CVE-2024-26938?
Are you affected by CVE-2024-26938?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST