CVE-2024-46714: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46714 is a vulnerability in the Linux kernel affecting the AMD display driver component. The issue was discovered and reported through Coverity scan, which identified potential NULL pointer dereference issues in the drm/amd/display subsystem. The vulnerability was disclosed on September 18, 2024, and affects multiple versions of the Linux kernel from 5.4 through 6.10 (NVD).

The vulnerability exists in the wbsclsetscalerfilter function within the AMD display driver (dcn20dwbscl.c). The issue occurs when callers pass a null filter parameter, particularly when returned from the wbsclgetfiltercoeffs_16p function. The vulnerability is classified as CWE-476 (NULL Pointer Dereference) and has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to a NULL pointer dereference in the Linux kernel's AMD display driver component, potentially causing system instability or denial of service conditions. The impact is limited to systems using affected AMD display hardware (NVD).

The vulnerability has been patched in multiple Linux kernel versions. The fix involves adding a null check before accessing the filter parameter in the wbsclsetscaler_filter function. Fixed versions include Linux kernel 5.4.284, 5.10.226, 5.15.167, 6.1.109, and 6.10.9. Users are advised to update to the patched versions (Kernel Patch).