How severe is CVE-2024-27040?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2024-27040?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2024-27040

MEDIUM Year: 2024

CVSS v3 Score

4.7

Medium

Weakness Type

CWE-476

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling replay->funcs->replay_set_power_opt(). if (replay == NULL && force_static) return false; ... if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); link->replay_settings.replay_power_opt_active = *power_opts; } If 'replay' is NULL, this will cause a null pointer dereference. Fixes the below found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed 'replay' could be null (see line 887)

CVE-2005-3274

MEDIUM

CVSS:4.7(Medium)

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a c...

CWE-4762005

CVE-2017-5969

MEDIUM

CVSS:4.7(Medium)

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a...

CWE-4762017

CVE-2018-1065

MEDIUM

CVSS:4.7(Medium)

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service...

CWE-4762018

CVE-2018-5729

MEDIUM

CVSS:4.7(Medium)

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container che...

CWE-4762018

CVE-2019-10207

MEDIUM

CVSS:4.7(Medium)

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth ...

CWE-4762019

CVE-2019-16230

MEDIUM

CVSS:4.7(Medium)

drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer state...

CWE-4762019

CVE-2024-27040

Vulnerability Description

Related Vulnerabilities

CVE-2005-3274

CVE-2017-5969

CVE-2018-1065

CVE-2018-5729

CVE-2019-10207

CVE-2019-16230