CVE-2024-27040: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling replay->funcs->replay_set_power_opt(). if (replay == NULL && force_static) return false; ... if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); link->replay_settings.replay_power_opt_active = *power_opts; } If 'replay' is NULL, this will cause a null pointer dereference. Fixes the below found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed 'replay' could be null (see line 887)
AI Analysis
Technical Summary
CVE-2024-27040 is a medium-severity vulnerability identified in the Linux kernel, specifically within the AMD GPU driver code responsible for display management (drm/amd/display). The flaw arises from insufficient null pointer checks in the function edp_set_replay_allow_active(), which handles eDP (embedded DisplayPort) panel control related to replay features. The vulnerability occurs because the code checks if the 'replay' pointer is NULL in one conditional branch but fails to re-validate this before dereferencing 'replay->funcs->replay_set_power_opt()' in a subsequent conditional. If 'replay' is NULL, this results in a null pointer dereference, causing a kernel crash or denial of service (DoS). This issue was detected by static analysis (smatch) and fixed by adding the missing NULL check. The affected code is part of the AMD GPU display driver stack, which is included in the mainline Linux kernel and used in many Linux distributions. The CVSS v3.1 base score is 4.7 (medium), reflecting that the attack vector is local (AV:L), requires low privileges (PR:L), no user interaction (UI:N), and impacts availability only (A:H), without affecting confidentiality or integrity. No known exploits are currently reported in the wild. The vulnerability is relevant to Linux kernel versions containing the affected commit hashes, which correspond to recent kernel releases before the patch. This vulnerability does not allow remote code execution or privilege escalation but can cause system instability or crashes when triggered by local users or processes interacting with the AMD GPU display driver. It is primarily a denial-of-service vector affecting system availability.
Potential Impact
For European organizations, the impact of CVE-2024-27040 is primarily related to system availability and stability on Linux systems using AMD GPUs with the affected kernel versions. Organizations relying on Linux servers, workstations, or embedded devices with AMD graphics hardware could experience unexpected kernel crashes or reboots if the vulnerability is triggered. This could disrupt critical services, especially in environments where high availability is required, such as data centers, cloud providers, research institutions, and enterprises using Linux-based infrastructure. Although the vulnerability requires local access and low privileges, it could be exploited by malicious insiders or compromised accounts to cause denial of service. The impact is less severe for organizations that do not use AMD GPUs or have already applied kernel updates. Since the vulnerability does not affect confidentiality or integrity, the risk is limited to availability disruptions. However, availability issues in critical infrastructure or production environments can lead to operational downtime, financial losses, and reputational damage. European organizations with strict uptime requirements or those operating in sectors like finance, healthcare, or telecommunications should prioritize mitigation to avoid service interruptions.
Mitigation Recommendations
To mitigate CVE-2024-27040, European organizations should: 1) Apply the latest Linux kernel updates that include the patch fixing the null pointer dereference in the AMD GPU driver. This is the most effective and direct mitigation. 2) For environments where immediate kernel upgrades are not feasible, consider disabling or limiting the use of AMD GPU replay features if configurable, or restrict access to the affected driver interfaces to trusted users only. 3) Implement strict access controls and monitoring on systems with AMD GPUs to detect and prevent unauthorized local access or suspicious activity that could trigger the vulnerability. 4) Use kernel hardening features such as kernel lockdown, SELinux/AppArmor policies, and seccomp filters to reduce the attack surface and limit the ability of unprivileged users to interact with kernel drivers. 5) Maintain comprehensive system and kernel crash monitoring to quickly detect and respond to any instability potentially caused by this vulnerability. 6) Coordinate with hardware and Linux distribution vendors to ensure timely receipt and deployment of security patches. 7) Conduct vulnerability scanning and inventory management to identify all Linux systems with AMD GPUs and verify patch status across the organization.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2024-27040: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling replay->funcs->replay_set_power_opt(). if (replay == NULL && force_static) return false; ... if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); link->replay_settings.replay_power_opt_active = *power_opts; } If 'replay' is NULL, this will cause a null pointer dereference. Fixes the below found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed 'replay' could be null (see line 887)
AI-Powered Analysis
Technical Analysis
CVE-2024-27040 is a medium-severity vulnerability identified in the Linux kernel, specifically within the AMD GPU driver code responsible for display management (drm/amd/display). The flaw arises from insufficient null pointer checks in the function edp_set_replay_allow_active(), which handles eDP (embedded DisplayPort) panel control related to replay features. The vulnerability occurs because the code checks if the 'replay' pointer is NULL in one conditional branch but fails to re-validate this before dereferencing 'replay->funcs->replay_set_power_opt()' in a subsequent conditional. If 'replay' is NULL, this results in a null pointer dereference, causing a kernel crash or denial of service (DoS). This issue was detected by static analysis (smatch) and fixed by adding the missing NULL check. The affected code is part of the AMD GPU display driver stack, which is included in the mainline Linux kernel and used in many Linux distributions. The CVSS v3.1 base score is 4.7 (medium), reflecting that the attack vector is local (AV:L), requires low privileges (PR:L), no user interaction (UI:N), and impacts availability only (A:H), without affecting confidentiality or integrity. No known exploits are currently reported in the wild. The vulnerability is relevant to Linux kernel versions containing the affected commit hashes, which correspond to recent kernel releases before the patch. This vulnerability does not allow remote code execution or privilege escalation but can cause system instability or crashes when triggered by local users or processes interacting with the AMD GPU display driver. It is primarily a denial-of-service vector affecting system availability.
Potential Impact
For European organizations, the impact of CVE-2024-27040 is primarily related to system availability and stability on Linux systems using AMD GPUs with the affected kernel versions. Organizations relying on Linux servers, workstations, or embedded devices with AMD graphics hardware could experience unexpected kernel crashes or reboots if the vulnerability is triggered. This could disrupt critical services, especially in environments where high availability is required, such as data centers, cloud providers, research institutions, and enterprises using Linux-based infrastructure. Although the vulnerability requires local access and low privileges, it could be exploited by malicious insiders or compromised accounts to cause denial of service. The impact is less severe for organizations that do not use AMD GPUs or have already applied kernel updates. Since the vulnerability does not affect confidentiality or integrity, the risk is limited to availability disruptions. However, availability issues in critical infrastructure or production environments can lead to operational downtime, financial losses, and reputational damage. European organizations with strict uptime requirements or those operating in sectors like finance, healthcare, or telecommunications should prioritize mitigation to avoid service interruptions.
Mitigation Recommendations
To mitigate CVE-2024-27040, European organizations should: 1) Apply the latest Linux kernel updates that include the patch fixing the null pointer dereference in the AMD GPU driver. This is the most effective and direct mitigation. 2) For environments where immediate kernel upgrades are not feasible, consider disabling or limiting the use of AMD GPU replay features if configurable, or restrict access to the affected driver interfaces to trusted users only. 3) Implement strict access controls and monitoring on systems with AMD GPUs to detect and prevent unauthorized local access or suspicious activity that could trigger the vulnerability. 4) Use kernel hardening features such as kernel lockdown, SELinux/AppArmor policies, and seccomp filters to reduce the attack surface and limit the ability of unprivileged users to interact with kernel drivers. 5) Maintain comprehensive system and kernel crash monitoring to quickly detect and respond to any instability potentially caused by this vulnerability. 6) Coordinate with hardware and Linux distribution vendors to ensure timely receipt and deployment of security patches. 7) Conduct vulnerability scanning and inventory management to identify all Linux systems with AMD GPUs and verify patch status across the organization.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.212Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d982ac4522896dcbe319f
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 2:41:05 PM
Last updated: 7/26/2025, 1:29:04 AM
Views: 10
Related Threats
CVE-2025-8863: CWE-319 Cleartext Transmission of Sensitive Information in YugabyteDB Inc YugabyteDB
HighCVE-2025-8847: Cross Site Scripting in yangzongzhuan RuoYi
MediumCVE-2025-8839: Improper Authorization in jshERP
MediumCVE-2025-8862: CWE-201 Insertion of Sensitive Information Into Sent Data in YugabyteDB Inc YugabyteDB
HighCVE-2025-8846: Stack-based Buffer Overflow in NASM Netwide Assember
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.