CVE-2024-58052 in Linux
Summary
by MITRE • 03/06/2025
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
The function atomctrl_get_smc_sclk_range_table() does not check the return value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to retrieve SMU_Info table, it returns NULL which is later dereferenced.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
In practice this should never happen as this code only gets called on polaris chips and the vbios data table will always be present on those chips.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 01/21/2026
The vulnerability identified as CVE-2024-58052 represents a potential null pointer dereference in the Linux kernel's AMDGPU display driver component. This issue resides within the drm/amdgpu subsystem where the atomctrl_get_smc_sclk_range_table() function fails to properly validate the return value from smu_atom_get_data_table(). When the latter function encounters a failure during SMU_Info table retrieval, it returns a null pointer which subsequently gets dereferenced by the calling function. The vulnerability was discovered through systematic analysis by the Linux Verification Center using SVACE verification tools, highlighting a critical oversight in error handling procedures within the graphics driver codebase.
The technical flaw stems from inadequate input validation and error handling practices within the AMDGPU driver's power management subsystem. The atomctrl_get_smc_sclk_range_table() function assumes that smu_atom_get_data_table() will always succeed in retrieving the necessary SMU_Info table data, particularly on polaris generation graphics chips where this code path is specifically invoked. This assumption creates a dangerous condition where a null pointer dereference can occur if the underlying data table retrieval mechanism fails, potentially leading to system crashes or unexpected behavior. The vulnerability manifests as a classic null pointer dereference error, which according to CWE-476 represents a null pointer dereference condition where a null pointer is dereferenced, leading to system instability.
From an operational perspective, this vulnerability poses significant risks to Linux systems utilizing AMDGPU graphics hardware, particularly those running on polaris generation chips. The potential impact includes system crashes, kernel panics, and denial of service conditions that could affect graphics rendering capabilities and overall system stability. While the vulnerability is limited to specific hardware configurations, the nature of graphics drivers makes this a critical concern as it can affect user experience and system reliability. The issue aligns with ATT&CK technique T1547.001 which involves the exploitation of kernel-mode drivers to achieve privilege escalation or system compromise. The vulnerability's detection through automated verification tools like SVACE demonstrates the importance of systematic code analysis in identifying such subtle but dangerous error conditions in kernel space code.
The mitigation strategy for this vulnerability involves implementing proper error handling within the atomctrl_get_smc_sclk_range_table() function to validate the return value from smu_atom_get_data_table() before proceeding with subsequent operations. This requires adding appropriate null checks and error handling logic to ensure that the function gracefully handles cases where the SMU_Info table cannot be retrieved. The fix should follow established kernel development practices for error handling and resource management, ensuring that all potential failure points are properly addressed. Additionally, the code should be reviewed for similar patterns throughout the driver codebase to identify and address other potential null pointer dereference vulnerabilities. System administrators should ensure that affected systems are updated with patches that address this specific vulnerability, particularly in environments where graphics performance and system stability are critical requirements.