CVE-2024-49901

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-49901

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49901.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-49901

Downstream

BELL-CVE-2024-49901

DEBIAN-CVE-2024-49901

ECHO-f654-768a-aae5

OESA-2024-2367

SUSE-SU-2024:3983-1

SUSE-SU-2024:3984-1

SUSE-SU-2024:3985-1

SUSE-SU-2024:4100-1

SUSE-SU-2024:4314-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:0034-1

UBUNTU-CVE-2024-49901

USN-7301-1

USN-7303-1

USN-7303-2

USN-7303-3

USN-7304-1

USN-7310-1

USN-7311-1

USN-7384-1

USN-7384-2

USN-7385-1

USN-7386-1

USN-7403-1

USN-7468-1

openSUSE-SU-2024:14500-1

openSUSE-SU-2025:14705-1

Related

Published

2024-10-21T18:15:12Z

Modified

2025-08-09T20:01:25Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs

There are some cases, such as the one uncovered by Commit 46d4efcccc68 ("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails") where

msmgpucleanup() : platformsetdrvdata(gpu->pdev, NULL);

is called on gpu->pdev == NULL, as the GPU device has not been fully initialized yet.

Turns out that there's more than just the aforementioned path that causes this to happen (e.g. the case when there's speedbin data in the catalog, but opp-supported-hw is missing in DT).

Assigning msm_gpu->pdev earlier seems like the least painful solution to this, therefore do so.

Patchwork: https://patchwork.freedesktop.org/patch/602742/

References

Affected packages