CVE-2024-49890: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49890 is a vulnerability in the Linux kernel affecting the AMD GPU driver's power management component. The issue was discovered and reported through Coverity scan, which identified a potential NULL pointer dereference in the drm/amd/pm firmware handling code. The vulnerability was disclosed on October 21, 2024, and affects multiple versions of the Linux kernel up to versions 5.10.227, 5.15.168, 6.1.113, 6.6.55, 6.10.14, and 6.11.3 (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue in the Linux kernel's AMD GPU driver. The problem occurs in the power management component where the fw_info pointer is not properly checked for NULL before being dereferenced. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required and the primary impact is on system availability (NVD).

The vulnerability can lead to a system crash due to NULL pointer dereference when accessing the firmware information structure in the AMD GPU driver's power management component. This primarily affects system availability and could potentially cause denial of service conditions (NVD).

The issue has been fixed in the Linux kernel through a patch that adds a NULL pointer check before using the fw_info pointer. The fix has been backported to multiple kernel versions and is available in the kernel updates for various distributions. Ubuntu has released fixes for multiple kernel versions including 5.15.0-127.137 for 22.04 LTS and 6.8.0-54.56 for 24.04 LTS (Ubuntu Security).