CVE-2024-49912: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49912 affects the Linux kernel's AMD display driver, specifically in the handling of null 'streamstatus' in the 'planeschangedforexisting_stream' function. The vulnerability was discovered and reported by the smatch tool, with the initial disclosure on October 21, 2024. The issue affects multiple versions of the Linux kernel up to versions 6.1.113, 6.6.55, 6.10.14, and 6.11.3 (NVD).

The vulnerability stems from improper null pointer handling in the AMD display driver's dcresource.c file. Specifically, the code assumed 'streamstatus' could be null but did not properly handle the case where it was actually null, potentially leading to a null pointer dereference. The issue was identified at line 3784 in drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_resource.c. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a null pointer dereference in the Linux kernel's AMD display driver, potentially resulting in a system crash or denial of service condition. The impact is limited to systems running affected versions of the Linux kernel with AMD graphics hardware (NVD).

The vulnerability has been fixed through patches that add proper null pointer checking. The fix has been implemented in various kernel versions, including 6.11.0-18.18 for Ubuntu 24.10 and 6.8.0-54.56 for Ubuntu 24.04 LTS. Users are advised to update their systems to the patched versions (Ubuntu).