CVE-2024-49905: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49905 affects the Linux kernel's AMD GPU driver, specifically in the amdgpudmplanehandlecursor_update function. The vulnerability was discovered and disclosed on October 21, 2024, and involves a potential null pointer dereference in the AMD display driver. The issue affects Linux kernel versions up to 6.1.113, versions 6.2 through 6.6.55, versions 6.7 through 6.10.14, and versions 6.11 through 6.11.3 (NVD).

The vulnerability stems from a missing null check for the 'afb' variable in the amdgpudmplanehandlecursor_update function within the AMD display driver. The code previously assumed 'afb' could be null but used it later without verification, potentially leading to a null pointer dereference. The CVSS v3.1 base score is 5.5 (Medium), with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to a null pointer dereference in the AMD display driver, potentially causing a system crash or denial of service condition. The impact is limited to systems running affected versions of the Linux kernel with AMD graphics hardware (NVD).

The vulnerability has been patched in the Linux kernel. The fix adds a null check for the 'afb' variable before its use in the amdgpudmplanehandlecursor_update function. Ubuntu has released fixes for versions 24.10 (oracular) and 24.04 LTS (noble), with updates pending for other affected versions (Ubuntu).