CVE-2024-26647: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-26647 affects the Linux kernel's AMD display driver, specifically in the drm/amd/display component. The vulnerability was discovered in the linksetdscppspacket() function where a NULL pointer dereference occurs due to improper validation sequence. The issue affects Linux kernel versions up to (excluding) 6.6.15 and versions from 6.7 up to (excluding) 6.7.3 (NVD).

The vulnerability is a NULL pointer dereference issue in the linksetdscppspacket() function within the AMD display driver. Specifically, the 'struct displaystreamcompressor *dsc' was being dereferenced in DCLOGGERINIT(dsc->ctx->logger) before performing the NULL pointer check on 'dsc'. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a system crash when exploited, resulting in a denial of service condition. The impact is limited to availability with no direct effect on confidentiality or integrity of the system (NVD).

The vulnerability has been fixed in the Linux kernel through patches that correct the NULL pointer check sequence. The fix involves restructuring the code to perform the NULL pointer check before attempting to dereference the pointer. Updates are available in kernel version 6.6.15 and 6.7.3 (Kernel Patch).