CVE-2024-49911: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49911 affects the Linux kernel's AMD display driver, specifically in the dcn20_set_output_transfer_func function. The vulnerability was discovered in July 2024 and involves a NULL pointer dereference issue in the drm/amd/display subsystem. The affected systems include Linux kernel versions up to 6.10.14 and from 6.11 up to 6.11.3 (NVD).

The vulnerability exists in the dcn20_set_output_transfer_func function where the set_output_gamma function pointer was being checked for NULL at line 1030, but then dereferenced without any NULL check at line 1048. This implementation could lead to a NULL pointer dereference error if set_output_gamma is NULL. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

The vulnerability could potentially lead to a denial of service condition through a system crash if exploited. The impact is limited to availability with no direct effect on confidentiality or integrity of the system (NVD).

The vulnerability has been patched by adding a NULL check for the set_output_gamma function pointer before dereferencing it. The fix has been implemented in various Linux kernel versions. Ubuntu users can update to linux-image-6.8.0-54-generic version 6.8.0-54.56 or later for Ubuntu 24.04, and linux-image-6.8.0-54-lowlatency version 6.8.0-54.56.1~22.04.1 or later for Ubuntu 22.04 (Ubuntu Notice).