CVE-2024-58073 in Linux
Summary
by MITRE • 03/06/2025
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp
Similar to the r_pipe sspp protect, add a check to protect the pipe state prints to avoid NULL ptr dereference for cases when the state is dumped without a corresponding atomic_check() where the pipe->sspp is assigned.
Patchwork: https://patchwork.freedesktop.org/patch/628404/
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 02/16/2026
The vulnerability CVE-2024-58073 affects the Linux kernel's display subsystem, specifically within the drm/msm/dpu driver component. This issue represents a potential null pointer dereference condition that could occur during the execution of display state printing operations. The problem manifests when the dpu_plane_atomic_print_state() function attempts to access pipe state information without proper validation of the sspp (super sample pipe) pointer, leading to a system crash or denial of service condition.
The technical flaw stems from insufficient input validation within the display plane atomic state printing mechanism. When the system attempts to dump display pipe state information, it calls the dpu_plane_atomic_print_state() function which directly accesses the pipe->sspp pointer without first verifying whether this pointer has been properly initialized through the atomic_check() process. This oversight creates a scenario where the function may attempt to dereference a NULL pointer, resulting in an immediate system crash or unpredictable behavior. The vulnerability is particularly concerning because it occurs during diagnostic or debugging operations that should not compromise system stability.
The operational impact of this vulnerability extends beyond simple system crashes, as it affects the reliability and maintainability of display subsystem operations in embedded and mobile devices that utilize the msm drm driver. When this condition occurs, it can cause complete system hangs or require manual intervention to restore normal operation, potentially affecting user experience and device availability. The vulnerability is especially problematic in production environments where automated diagnostics or logging mechanisms might trigger the problematic code path during normal operation, leading to unexpected service interruptions and potential data loss.
Mitigation strategies for CVE-2024-58073 involve implementing proper pointer validation before accessing the sspp structure within the dpu_plane_atomic_print_state() function. The fix follows established security practices by adding a conditional check to verify that the sspp pointer is valid before attempting to access its members. This approach aligns with common software security principles and addresses the underlying cause of the vulnerability. The fix also demonstrates adherence to CWE-476 which addresses null pointer dereference conditions, and follows ATT&CK techniques related to system service disruption and denial of service attacks. Organizations should prioritize applying the official kernel patch that implements this validation check, ensuring that all affected systems receive the security update to prevent exploitation of this vulnerability during normal system operations or diagnostic procedures.