CVE-2024-43899 in Linuxinfo

Summary

by MITRE • 08/26/2024

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix null pointer deref in dcn20_resource.c

Fixes a hang thats triggered when MPV is run on a DCN401 dGPU:

mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all

and then enabling fullscreen playback (double click on the video)

The following calltrace will be seen:

[ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 181.843997] #PF: supervisor instruction fetch in kernel mode
[ 181.844003] #PF: error_code(0x0010) - not-present page
[ 181.844009] PGD 0 P4D 0
[ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI
[ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu
[ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018
[ 181.844044] RIP: 0010:0x0
[ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246
[ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004
[ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400
[ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c
[ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8
[ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005
[ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000
[ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0
[ 181.844141] Call Trace:
[ 181.844146] <TASK>
[ 181.844153] ? show_regs+0x6d/0x80
[ 181.844167] ? __die+0x24/0x80
[ 181.844179] ? page_fault_oops+0x99/0x1b0
[ 181.844192] ? do_user_addr_fault+0x31d/0x6b0
[ 181.844204] ? exc_page_fault+0x83/0x1b0
[ 181.844216] ? asm_exc_page_fault+0x27/0x30
[ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu]
[ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu]
[ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu]
[ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu]
[ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu]
[ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]
[ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu]
[ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 01/11/2026

The vulnerability described in CVE-2024-43899 represents a critical null pointer dereference within the Linux kernel's AMD GPU display driver component, specifically affecting the drm/amd/display subsystem. This flaw manifests when executing hardware-accelerated video playback through the mpv media player with specific configuration parameters on systems equipped with DCN401 discrete graphics processors. The issue stems from improper handling of display resource management during plane state updates, leading to a kernel panic and system hang when attempting to enable fullscreen video playback. The call trace indicates the fault occurs in the dcn20_get_dcc_compression_cap function within the amdgpu kernel module, where a null pointer is accessed during the validation of display plane attributes.

This vulnerability aligns with CWE-476, which categorizes null pointer dereference issues as a common class of software defects that can lead to system crashes and potential privilege escalation. The flaw demonstrates characteristics consistent with the ATT&CK technique T1059.001, where kernel-level code execution paths can be exploited to cause system instability through improper memory handling. The attack surface is particularly relevant for Linux desktop environments using AMD graphics hardware, where users might be running multimedia applications with hardware acceleration enabled. The specific trigger involves the interaction between the mpv player's hardware decoding capabilities and the AMD GPU driver's display plane management functions, creating a scenario where a null pointer reference is not properly validated before access.

The operational impact of this vulnerability extends beyond simple system hangs to potentially compromising the stability of desktop environments and multimedia applications. When the kernel encounters the null pointer dereference, it generates a kernel oops and subsequently crashes the system, requiring manual reboot to restore functionality. This behavior is particularly problematic in user-facing environments where system stability is paramount, as it can result in data loss and disruption of user workflows. The vulnerability affects systems running kernel versions 6.5.0-41-generic and related Ubuntu 22.04 LTS releases, making it relevant to a significant portion of desktop Linux installations using AMD graphics hardware. The specific conditions required to trigger the flaw - namely the combination of mpv with vaapi hardware decoding and fullscreen playback - indicate that this vulnerability primarily impacts multimedia users rather than general system administrators.

Mitigation strategies for this vulnerability should focus on applying the kernel patch provided by the Linux kernel maintainers, which resolves the null pointer dereference by properly validating display resource pointers before access. System administrators should prioritize updating to kernel versions that include the fix, particularly those incorporating the drm/amd/display subsystem improvements. For environments where immediate kernel updates are not feasible, users can avoid triggering the vulnerability by disabling hardware acceleration in mpv or using alternative video playback configurations. The fix implemented in the amdgpu driver addresses the core issue by ensuring proper initialization of display plane attributes and adding null checks in the dcn20_get_dcc_compression_cap function. Organizations should also consider implementing monitoring for kernel oops messages and system crashes related to the amdgpu module to detect potential exploitation attempts. Additionally, security teams should review their desktop management policies to ensure timely patch deployment and user education regarding safe multimedia application usage patterns that avoid triggering known kernel-level vulnerabilities.

Responsible

Linux

Reservation

08/17/2024

Disclosure

08/26/2024

Moderation

accepted

CPE

ready

EPSS

0.00211

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!