CVE-2024-38549 in Linux
Summary
by MITRE • 06/19/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer.
Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and verifying that we now return EINVAL.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 10/04/2025
The vulnerability identified as CVE-2024-38549 resides within the Linux kernel's display subsystem, specifically in the mediatek drm driver implementation. This issue affects devices utilizing the mt8188 chipset and represents a classic case of insufficient input validation that can lead to system instability. The vulnerability manifests when userspace applications attempt to allocate Graphics Execution Manager (GEM) objects with zero byte size, a scenario that should logically be rejected by the kernel's resource management layer. The absence of proper validation allows such malformed requests to proceed through the allocation pipeline, ultimately resulting in kernel panic conditions that compromise system stability and availability.
The technical flaw stems from the lack of size validation within the mtk_drm_gem_init function, which is responsible for initializing GEM objects for the mediatek display driver. When a userspace application requests a 0x0 GBM (Generic Buffer Manager) buffer, the kernel's current implementation fails to check whether the requested size is valid before proceeding with allocation operations. This oversight creates a condition where the driver attempts to process an invalid memory allocation request, leading to undefined behavior and system crashes. The vulnerability directly maps to CWE-129, which addresses insufficient validation of the length of input data, and specifically relates to improper input validation in kernel space memory management operations.
The operational impact of this vulnerability extends beyond simple system crashes to potentially enable denial of service attacks against systems running affected kernel versions. An attacker could exploit this weakness by crafting malicious applications that repeatedly attempt to allocate zero-sized GEM objects, effectively exhausting system resources or causing repeated kernel panics. This type of exploitation aligns with ATT&CK technique T1499.004, which covers network denial of service attacks through resource exhaustion. The vulnerability affects embedded systems and mobile devices that utilize the mediatek mt8188 chipset, particularly those running Linux-based operating systems with the affected drm driver implementation.
The fix implemented for CVE-2024-38549 introduces a simple but critical validation check that prevents allocation of GEM objects with zero byte size. This solution follows the principle of input validation and early rejection of invalid parameters, which is a fundamental security practice in kernel development. The mitigation ensures that when a userspace application attempts to allocate a 0x0 GBM buffer, the kernel now properly returns an EINVAL error code instead of proceeding with invalid allocation operations that would eventually cause system crashes. This approach aligns with the principle of least privilege and defensive programming, where invalid inputs are rejected before they can cause harm to system stability. The fix has been validated through testing on MT8188 hardware, confirming that the kernel now properly handles zero-sized buffer allocation requests by returning appropriate error codes rather than panicking.