CVE-2024-26700: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022 RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? plist_add+0xbe/0x100 ? exc_page_fault+0x7c/0x180 ? asm_exc_page_fault+0x26/0x30 ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] drm_atomic_check_only+0x5c5/0xa40 drm_mode_atomic_ioctl+0x76e/0xbc0 ? _copy_to_user+0x25/0x30 ? drm_ioctl+0x296/0x4b0 ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 drm_ioctl_kernel+0xcd/0x170 drm_ioctl+0x26d/0x4b0 ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 amdgpu_drm_ioctl+0x4e/0x90 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] __x64_sys_ioctl+0x94/0xd0 do_syscall_64+0x60/0x90 ? do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4dad17f76f Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c> RSP: 002b:00007ffd9ae859f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000055e255a55900 RCX: 00007f4dad17f76f RDX: 00007ffd9ae85a90 RSI: 00000000c03864bc RDI: 000000000000000b RBP: 00007ffd9ae85a90 R08: 0000000000000003 R09: 0000000000000003 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c03864bc R13: 000000000000000b R14: 000055e255a7fc60 R15: 000055e255a01eb0 </TASK> Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm cmac algif_hash algif_skcipher af_alg joydev mousedev bnep > typec libphy k10temp ipmi_msghandler roles i2c_scmi acpi_cpufreq mac_hid nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_mas> CR2: 0000000000000008 ---[ end trace 0000000000000000 ]--- RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000 ---truncated---
AI Analysis
Technical Summary
CVE-2024-26700 is a vulnerability identified in the Linux kernel specifically within the AMD GPU driver subsystem, related to the Direct Rendering Manager (DRM) and display management components. The issue arises in the drm/amd/display code handling Multi-Stream Transport (MST) on Radeon (RV) platforms. The vulnerability manifests as a NULL pointer dereference error occurring in the drm_dp_atomic_find_time_slots function, which is part of the drm_display_helper module. This function is responsible for managing timing slots for DisplayPort MST, a technology that allows multiple displays to be driven from a single DisplayPort output. The NULL pointer dereference leads to a kernel oops (crash), causing the affected system to become unstable or crash entirely. The detailed kernel trace shows the fault triggered by a NULL pointer at address 0x8, indicating an attempt to access memory through an invalid pointer. This is specifically triggered during atomic mode-setting operations in the AMD GPU driver (amdgpu), which handles display configuration changes. The vulnerability affects Linux kernel versions including the 6.3.9-arch1-1 build and likely other versions using the affected AMD GPU driver code. The root cause is a missing or improper NULL pointer check in the MST handling code path, which can be triggered by certain display configurations or operations on Radeon hardware. While the vulnerability does not appear to have known exploits in the wild, it can cause denial of service by crashing the kernel, impacting system availability. No evidence suggests privilege escalation or arbitrary code execution directly from this flaw. The vulnerability was reserved in February 2024 and published in April 2024, with no CVSS score assigned yet. The patch involves adding proper NULL pointer checks and fixing the logic in drm_dp_atomic_find_time_slots to prevent dereferencing invalid pointers during MST operations on affected Radeon platforms.
Potential Impact
For European organizations, the primary impact of CVE-2024-26700 is a potential denial of service (DoS) condition on Linux systems running AMD Radeon GPUs with affected kernel versions. This can lead to unexpected system crashes, loss of availability, and disruption of critical services, especially in environments relying on Linux for workstations, servers, or embedded systems with AMD graphics hardware. Organizations using Linux-based desktops or workstations for graphical workloads, including design, engineering, or multimedia, may experience instability or downtime. Additionally, servers or infrastructure devices using AMD GPUs for compute or display purposes could be affected. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact can disrupt business operations, cause data loss if unsaved work is lost during crashes, and increase operational costs due to system recovery efforts. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the kernel crash. European organizations with strict uptime requirements or those operating critical infrastructure should prioritize patching to maintain system stability and service continuity.
Mitigation Recommendations
1. Apply Kernel Updates: Immediately update Linux kernels to versions where the vulnerability is patched. Monitor Linux distribution advisories (e.g., Debian, Ubuntu, Red Hat, SUSE) for updated kernel packages containing the fix for CVE-2024-26700. 2. Limit Use of Affected Hardware: Where feasible, avoid using AMD Radeon GPUs on critical systems until patched kernels are deployed. 3. Disable MST if Not Required: If Multi-Stream Transport functionality is not needed, consider disabling MST support in the kernel or driver configuration to reduce attack surface. 4. Monitor System Logs: Implement monitoring for kernel oops or crashes related to drm or amdgpu modules to detect potential exploitation or accidental triggering. 5. Controlled Access: Restrict access to systems with AMD GPUs to trusted users and processes to minimize risk of intentional triggering. 6. Test Updates in Controlled Environments: Before deploying patches broadly, test updated kernels in staging environments to ensure compatibility and stability. 7. Backup Critical Data: Maintain regular backups to mitigate impact of unexpected crashes and data loss. 8. Engage with Vendors: For enterprise Linux distributions, coordinate with vendor support for timely patches and guidance specific to AMD GPU hardware.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2024-26700: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022 RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? plist_add+0xbe/0x100 ? exc_page_fault+0x7c/0x180 ? asm_exc_page_fault+0x26/0x30 ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026] compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] drm_atomic_check_only+0x5c5/0xa40 drm_mode_atomic_ioctl+0x76e/0xbc0 ? _copy_to_user+0x25/0x30 ? drm_ioctl+0x296/0x4b0 ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 drm_ioctl_kernel+0xcd/0x170 drm_ioctl+0x26d/0x4b0 ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 amdgpu_drm_ioctl+0x4e/0x90 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054] __x64_sys_ioctl+0x94/0xd0 do_syscall_64+0x60/0x90 ? do_syscall_64+0x6c/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4dad17f76f Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c> RSP: 002b:00007ffd9ae859f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000055e255a55900 RCX: 00007f4dad17f76f RDX: 00007ffd9ae85a90 RSI: 00000000c03864bc RDI: 000000000000000b RBP: 00007ffd9ae85a90 R08: 0000000000000003 R09: 0000000000000003 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c03864bc R13: 000000000000000b R14: 000055e255a7fc60 R15: 000055e255a01eb0 </TASK> Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm cmac algif_hash algif_skcipher af_alg joydev mousedev bnep > typec libphy k10temp ipmi_msghandler roles i2c_scmi acpi_cpufreq mac_hid nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_mas> CR2: 0000000000000008 ---[ end trace 0000000000000000 ]--- RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper] Code: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8> RSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224 RDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280 RBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850 R10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000 R13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224 FS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000 ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-26700 is a vulnerability identified in the Linux kernel specifically within the AMD GPU driver subsystem, related to the Direct Rendering Manager (DRM) and display management components. The issue arises in the drm/amd/display code handling Multi-Stream Transport (MST) on Radeon (RV) platforms. The vulnerability manifests as a NULL pointer dereference error occurring in the drm_dp_atomic_find_time_slots function, which is part of the drm_display_helper module. This function is responsible for managing timing slots for DisplayPort MST, a technology that allows multiple displays to be driven from a single DisplayPort output. The NULL pointer dereference leads to a kernel oops (crash), causing the affected system to become unstable or crash entirely. The detailed kernel trace shows the fault triggered by a NULL pointer at address 0x8, indicating an attempt to access memory through an invalid pointer. This is specifically triggered during atomic mode-setting operations in the AMD GPU driver (amdgpu), which handles display configuration changes. The vulnerability affects Linux kernel versions including the 6.3.9-arch1-1 build and likely other versions using the affected AMD GPU driver code. The root cause is a missing or improper NULL pointer check in the MST handling code path, which can be triggered by certain display configurations or operations on Radeon hardware. While the vulnerability does not appear to have known exploits in the wild, it can cause denial of service by crashing the kernel, impacting system availability. No evidence suggests privilege escalation or arbitrary code execution directly from this flaw. The vulnerability was reserved in February 2024 and published in April 2024, with no CVSS score assigned yet. The patch involves adding proper NULL pointer checks and fixing the logic in drm_dp_atomic_find_time_slots to prevent dereferencing invalid pointers during MST operations on affected Radeon platforms.
Potential Impact
For European organizations, the primary impact of CVE-2024-26700 is a potential denial of service (DoS) condition on Linux systems running AMD Radeon GPUs with affected kernel versions. This can lead to unexpected system crashes, loss of availability, and disruption of critical services, especially in environments relying on Linux for workstations, servers, or embedded systems with AMD graphics hardware. Organizations using Linux-based desktops or workstations for graphical workloads, including design, engineering, or multimedia, may experience instability or downtime. Additionally, servers or infrastructure devices using AMD GPUs for compute or display purposes could be affected. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact can disrupt business operations, cause data loss if unsaved work is lost during crashes, and increase operational costs due to system recovery efforts. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the kernel crash. European organizations with strict uptime requirements or those operating critical infrastructure should prioritize patching to maintain system stability and service continuity.
Mitigation Recommendations
1. Apply Kernel Updates: Immediately update Linux kernels to versions where the vulnerability is patched. Monitor Linux distribution advisories (e.g., Debian, Ubuntu, Red Hat, SUSE) for updated kernel packages containing the fix for CVE-2024-26700. 2. Limit Use of Affected Hardware: Where feasible, avoid using AMD Radeon GPUs on critical systems until patched kernels are deployed. 3. Disable MST if Not Required: If Multi-Stream Transport functionality is not needed, consider disabling MST support in the kernel or driver configuration to reduce attack surface. 4. Monitor System Logs: Implement monitoring for kernel oops or crashes related to drm or amdgpu modules to detect potential exploitation or accidental triggering. 5. Controlled Access: Restrict access to systems with AMD GPUs to trusted users and processes to minimize risk of intentional triggering. 6. Test Updates in Controlled Environments: Before deploying patches broadly, test updated kernels in staging environments to ensure compatibility and stability. 7. Backup Critical Data: Maintain regular backups to mitigate impact of unexpected crashes and data loss. 8. Engage with Vendors: For enterprise Linux distributions, coordinate with vendor support for timely patches and guidance specific to AMD GPU hardware.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.157Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982ac4522896dcbe3876
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 5:27:48 PM
Last updated: 8/12/2025, 8:24:43 AM
Views: 10
Related Threats
CVE-2025-9060: CWE-20 Improper Input Validation in MSoft MFlash
CriticalCVE-2025-8675: CWE-918 Server-Side Request Forgery (SSRF) in Drupal AI SEO Link Advisor
UnknownCVE-2025-8362: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal GoogleTag Manager
UnknownCVE-2025-8361: CWE-962 Missing Authorization in Drupal Config Pages
UnknownCVE-2025-8092: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal COOKiES Consent Management
UnknownActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.