
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-49879 is a vulnerability in the Linux kernel's OMAP DRM (Direct Rendering Manager) driver that was discovered and disclosed on October 21, 2024. The vulnerability stems from a missing check of the alloc_ordered_workqueue() return value in the OMAP DRM driver, which could potentially lead to a NULL pointer dereference (NVD). It affects Linux kernel versions from 4.11 up to, but not including, 5.10.227, 5.15.168, 6.1.113, and 6.6.55.
The vulnerability exists in the OMAP DRM driver's initialization routine, where alloc_ordered_workqueue() is called without error checking. The function may return a NULL pointer, and if that result is not validated, later use of it could lead to a NULL pointer dereference. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating that local access is required and that the primary impact is on system availability (NVD).
The vulnerability can cause a NULL pointer dereference in the Linux kernel's OMAP DRM driver, which could lead to system crashes or denial of service conditions. The impact is limited to systems using the affected OMAP DRM driver components (NVD).
The vulnerability has been fixed through a patch that adds proper error checking for the alloc_ordered_workqueue() return value. The fix has been implemented across multiple Linux kernel versions, including backports to stable branches. Users should update their Linux kernel to versions 5.10.227, 5.15.168, 6.1.113, 6.6.55 or later to address this vulnerability (Kernel Patch).
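A first-pass triage of kernel release strings against the version ranges listed above, as an added example that is not part of the original report or of any kernel or vendor tooling. The function names, result labels and sample release strings are constructed for illustration; branches the report does not list are reported as such rather than guessed.

```python
import re

# Fixed release per stable branch, as listed in the report above.
FIXED = {(5, 10): 227, (5, 15): 168, (6, 1): 113, (6, 6): 55}
FIRST_AFFECTED = (4, 11)  # lower bound stated in the report


def parse_release(release):
    """Parse a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def triage(release):
    """Classify a kernel release against the report's version ranges."""
    major, minor, patch = parse_release(release)
    if (major, minor) < FIRST_AFFECTED:
        return "not-affected"        # predates the affected range
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted-branch"     # report gives no fixed version here
    return "fixed" if patch >= fixed_patch else "affected"


# Constructed sample inventory (assumed hostnames' `uname -r` output).
SAMPLE_RELEASES = [
    "5.10.226-ti-r1",
    "5.10.227",
    "6.1.112",
    "6.6.55-1-generic",
    "5.4.284",
    "4.9.337",
]

if __name__ == "__main__":
    for rel in SAMPLE_RELEASES:
        print(f"{rel:20} {triage(rel)}")
```

Distribution kernels often backport fixes without changing the upstream version number, so an "affected" result should be confirmed against the vendor's changelog, and only hosts that actually build or load the OMAP DRM driver are exposed.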
Source: This report was generated using AI