CVE-2024-50117: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1)) ? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642) ? exc_page_fault (arch/x86/mm/fault.c:1542) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu ``` It has been encountered on at least one system, so guard for it. (cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)
AI Analysis
Technical Summary
CVE-2024-50117 is a vulnerability identified in the Linux kernel, specifically within the AMD GPU driver component that handles ACPI (Advanced Configuration and Power Interface) interactions. The flaw arises when the BIOS provides malformed or unexpected data in response to an ATIF (ATI Function) ACPI method call. This bad data leads to a NULL pointer dereference in the kernel code path, particularly in the function amdgpu_atif_query_backlight_caps, which queries backlight capabilities of AMD GPUs. The NULL pointer dereference triggers a kernel page fault, causing the affected system to crash or become unstable. The vulnerability is rooted in insufficient validation of BIOS-supplied data before dereferencing pointers, which is a common source of kernel-level faults. The stack trace provided shows the fault propagating through standard kernel exception handling routines, culminating in a page fault in the AMD GPU driver. This issue has been observed on at least one system, prompting the Linux kernel maintainers to patch the vulnerability by adding proper guards against bad data. The vulnerability affects Linux kernel versions identified by the commit hash d38ceaf99ed015f2a0b9af3499791bd3a3daae21 and likely other versions prior to the patch. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability requires interaction with the ACPI subsystem and the presence of an AMD GPU using the affected driver, and it is triggered by BIOS-provided data, which may vary by hardware vendor and model.
Potential Impact
For European organizations, the impact of CVE-2024-50117 can be significant, particularly for those relying on Linux systems with AMD GPUs in their infrastructure. The vulnerability can lead to system crashes or denial of service (DoS) conditions, affecting availability of critical services. This is especially relevant for data centers, cloud providers, and enterprises running Linux-based servers or workstations with AMD graphics hardware. The fault arises from BIOS data, so systems with vulnerable or improperly configured BIOS firmware are at risk. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting kernel panic can disrupt operations, cause downtime, and potentially lead to data loss if systems are not properly backed up. Organizations in sectors such as finance, healthcare, manufacturing, and government, which often use Linux for its stability and security, could face operational interruptions. Additionally, the need to update the kernel or apply patches may require planned maintenance windows, impacting service availability. Since no known exploits are currently in the wild, the immediate risk is moderate, but the presence of the vulnerability in widely used Linux kernels means that attackers could develop exploits in the future, increasing risk over time.
Mitigation Recommendations
European organizations should take proactive steps to mitigate CVE-2024-50117 beyond generic patching advice: 1) Identify all Linux systems using AMD GPUs and verify their kernel versions against the patched commit (d38ceaf99ed015f2a0b9af3499791bd3a3daae21). 2) Prioritize updating Linux kernels to versions that include the fix for this vulnerability. If immediate kernel upgrades are not feasible, consider temporarily disabling or unloading the AMD GPU driver module if the GPU is not critical for operations. 3) Review BIOS firmware versions on affected systems and coordinate with hardware vendors to ensure BIOS updates are applied that do not provide malformed ACPI data. 4) Implement monitoring for kernel panics or crashes related to GPU or ACPI subsystems to detect potential exploitation attempts or instability. 5) For critical systems, conduct controlled testing of the patched kernel to ensure stability and compatibility before wide deployment. 6) Maintain robust backup and recovery procedures to minimize impact from potential DoS conditions. 7) Engage with hardware vendors and Linux distribution maintainers for guidance and timely updates. 8) Consider isolating vulnerable systems in network segments with limited exposure until patches are applied to reduce attack surface.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2024-50117: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1)) ? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642) ? exc_page_fault (arch/x86/mm/fault.c:1542) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu ``` It has been encountered on at least one system, so guard for it. (cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)
AI-Powered Analysis
Technical Analysis
CVE-2024-50117 is a vulnerability identified in the Linux kernel, specifically within the AMD GPU driver component that handles ACPI (Advanced Configuration and Power Interface) interactions. The flaw arises when the BIOS provides malformed or unexpected data in response to an ATIF (ATI Function) ACPI method call. This bad data leads to a NULL pointer dereference in the kernel code path, particularly in the function amdgpu_atif_query_backlight_caps, which queries backlight capabilities of AMD GPUs. The NULL pointer dereference triggers a kernel page fault, causing the affected system to crash or become unstable. The vulnerability is rooted in insufficient validation of BIOS-supplied data before dereferencing pointers, which is a common source of kernel-level faults. The stack trace provided shows the fault propagating through standard kernel exception handling routines, culminating in a page fault in the AMD GPU driver. This issue has been observed on at least one system, prompting the Linux kernel maintainers to patch the vulnerability by adding proper guards against bad data. The vulnerability affects Linux kernel versions identified by the commit hash d38ceaf99ed015f2a0b9af3499791bd3a3daae21 and likely other versions prior to the patch. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability requires interaction with the ACPI subsystem and the presence of an AMD GPU using the affected driver, and it is triggered by BIOS-provided data, which may vary by hardware vendor and model.
Potential Impact
For European organizations, the impact of CVE-2024-50117 can be significant, particularly for those relying on Linux systems with AMD GPUs in their infrastructure. The vulnerability can lead to system crashes or denial of service (DoS) conditions, affecting availability of critical services. This is especially relevant for data centers, cloud providers, and enterprises running Linux-based servers or workstations with AMD graphics hardware. The fault arises from BIOS data, so systems with vulnerable or improperly configured BIOS firmware are at risk. While the vulnerability does not appear to allow privilege escalation or remote code execution, the resulting kernel panic can disrupt operations, cause downtime, and potentially lead to data loss if systems are not properly backed up. Organizations in sectors such as finance, healthcare, manufacturing, and government, which often use Linux for its stability and security, could face operational interruptions. Additionally, the need to update the kernel or apply patches may require planned maintenance windows, impacting service availability. Since no known exploits are currently in the wild, the immediate risk is moderate, but the presence of the vulnerability in widely used Linux kernels means that attackers could develop exploits in the future, increasing risk over time.
Mitigation Recommendations
European organizations should take proactive steps to mitigate CVE-2024-50117 beyond generic patching advice: 1) Identify all Linux systems using AMD GPUs and verify their kernel versions against the patched commit (d38ceaf99ed015f2a0b9af3499791bd3a3daae21). 2) Prioritize updating Linux kernels to versions that include the fix for this vulnerability. If immediate kernel upgrades are not feasible, consider temporarily disabling or unloading the AMD GPU driver module if the GPU is not critical for operations. 3) Review BIOS firmware versions on affected systems and coordinate with hardware vendors to ensure BIOS updates are applied that do not provide malformed ACPI data. 4) Implement monitoring for kernel panics or crashes related to GPU or ACPI subsystems to detect potential exploitation attempts or instability. 5) For critical systems, conduct controlled testing of the patched kernel to ensure stability and compatibility before wide deployment. 6) Maintain robust backup and recovery procedures to minimize impact from potential DoS conditions. 7) Engage with hardware vendors and Linux distribution maintainers for guidance and timely updates. 8) Consider isolating vulnerable systems in network segments with limited exposure until patches are applied to reduce attack surface.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-10-21T19:36:19.948Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9825c4522896dcbdffce
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 5:26:24 PM
Last updated: 7/27/2025, 11:47:21 AM
Views: 10
Related Threats
CVE-2025-7622: CWE-918: Server-Side Request Forgery (SSRF) in Axis Communications AB AXIS Camera Station Pro
MediumCVE-2025-8314: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in emarket-design Project Management, Bug and Issue Tracking Plugin – Software Issue Manager
MediumCVE-2025-8059: CWE-862 Missing Authorization in bplugins B Blocks – The ultimate block collection
CriticalCVE-2025-8690: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in addix Simple Responsive Slider
MediumCVE-2025-8688: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ebernstein Inline Stock Quotes
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.