{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-26728",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-02-19T14:20:24.164Z",
        "datePublished": "2024-04-03T17:00:16.776Z",
        "dateUpdated": "2024-09-11T17:33:21.807Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-29T05:21:39.172Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix null-pointer dereference on edid reading\n\nUse i2c adapter when there isn't aux_mode in dc_link to fix a\nnull-pointer derefence that happens when running\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\ndetected as below:\n\n[  +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\n[  +0.000010] #PF: supervisor read access in kernel mode\n[  +0.000005] #PF: error_code(0x0000) - not-present page\n[  +0.000004] PGD 0 P4D 0\n[  +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[  +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\n[  +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\n[  +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\n[  +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 <48> 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\n[  +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\n[  +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\n[  +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\n[  +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\n[  +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\n[  +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\n[  +0.000004] FS:  00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\n[  +0.000003] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\n[  +0.000003] PKRU: 55555554\n[  +0.000003] Call Trace:\n[  +0.000006]  <TASK>\n[  +0.000006]  ? __die+0x23/0x70\n[  +0.000011]  ? page_fault_oops+0x17d/0x4c0\n[  +0.000008]  ? preempt_count_add+0x6e/0xa0\n[  +0.000008]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000011]  ? exc_page_fault+0x7f/0x180\n[  +0.000009]  ? asm_exc_page_fault+0x26/0x30\n[  +0.000013]  ? i2c_transfer+0xd/0x100\n[  +0.000010]  drm_do_probe_ddc_edid+0xc2/0x140 [drm]\n[  +0.000067]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000006]  ? _drm_do_get_edid+0x97/0x3c0 [drm]\n[  +0.000043]  ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[  +0.000042]  edid_block_read+0x3b/0xd0 [drm]\n[  +0.000043]  _drm_do_get_edid+0xb6/0x3c0 [drm]\n[  +0.000041]  ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[  +0.000043]  drm_edid_read_custom+0x37/0xd0 [drm]\n[  +0.000044]  amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\n[  +0.000153]  drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\n[  +0.000000]  __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\n[  +0.000000]  ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\n[  +0.000000]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000000]  drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\n[  +0.000000]  status_store+0xb2/0x1f0 [drm]\n[  +0.000000]  kernfs_fop_write_iter+0x136/0x1d0\n[  +0.000000]  vfs_write+0x24d/0x440\n[  +0.000000]  ksys_write+0x6f/0xf0\n[  +0.000000]  do_syscall_64+0x60/0xc0\n[  +0.000000]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000000]  ? syscall_exit_to_user_mode+0x2b/0x40\n[  +0.000000]  ? srso_alias_return_thunk+0x5/0x7f\n[  +0.000000]  ? do_syscall_64+0x6c/0xc0\n[  +0.000000]  ? do_syscall_64+0x6c/0xc0\n[  +0.000000]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[  +0.000000] RIP: 0033:0x7f9ad46b4b00\n[  +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\n[  +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n[  +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\n[  +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\n[  +0.000000] RBP: 0000000000000002 R08\n---truncated---"
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
                    ],
                    "versions": [
                        {
                            "version": "0e859faf8670",
                            "lessThan": "2d392f7268a1",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "0e859faf8670",
                            "lessThan": "967176179215",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
                    ],
                    "versions": [
                        {
                            "version": "6.7",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "6.7",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.7.7",
                            "lessThanOrEqual": "6.7.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.8",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145"
                },
                {
                    "url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777"
                }
            ],
            "title": "drm/amd/display: fix null-pointer dereference on edid reading",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-02T00:14:12.935Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            },
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2024-26728",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-09-10T15:52:07.138513Z"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-09-11T17:33:21.807Z"
                }
            }
        ]
    }
}