CVE-2024-43899: 
Linux Kernel vulnerability analysis and mitigation

A NULL pointer dereference vulnerability was discovered in the Linux kernel's AMD display driver (drm/amd/display) affecting versions up to (excluding) 6.10.5. The vulnerability (CVE-2024-43899) is triggered when running MPV media player with specific hardware acceleration options on a DCN401 dGPU and enabling fullscreen playback (Kernel Patch).

The vulnerability exists in the dcn20_resource.c file where a NULL pointer dereference occurs in the dcn20_get_dcc_compression_cap function. The issue manifests when attempting to access the get_dcc_compression_cap function pointer without proper NULL checking. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability causes a kernel NULL pointer dereference leading to a system hang. The issue specifically affects systems running the MPV media player with VAAPI hardware acceleration when attempting to switch to fullscreen mode (Kernel Patch).

The vulnerability has been fixed in Linux kernel version 6.10.5 and backported to stable kernels. The fix involves adding a NULL pointer check before accessing the get_dcc_compression_cap function pointer and returning false if the function pointer is NULL (Kernel Patch).