CVE-2024-49922: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49922 affects the Linux kernel's AMD display driver (drm/amd/display). The vulnerability was discovered when null pointers were found to be potentially dereferenced in the AMD display driver code. The issue affects Linux kernel versions up to (excluding) 6.10.14 and versions from (including) 6.11 up to (excluding) 6.11.3 (NVD).

The vulnerability stems from insufficient null pointer checks in the AMD display driver. Specifically, certain pointers that were previously null-checked in functions could potentially be null when used again later in the same function. This issue was identified by Coverity static analysis tool and affects three FORWARD_NULL cases in the driver code (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to a system crash (denial of service) if exploited, due to null pointer dereference in the AMD display driver. The impact is limited to systems running affected versions of the Linux kernel with AMD graphics hardware (NVD).

The vulnerability has been patched in the Linux kernel. Users should update to kernel version 6.10.14 or later, or 6.11.3 or later. The fix involves adding proper null pointer checks before using potentially null pointers in the AMD display driver code (Kernel Patch).