CVE-2024-50049: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50049 is a vulnerability in the Linux kernel affecting the AMD display driver (drm/amd/display). The issue was discovered and reported through Coverity scan, which identified a potential NULL pointer dereference in the driver's code. The vulnerability was disclosed on October 21, 2024, and affects multiple versions of the Linux kernel from version 5.10 up to version 6.11.4 (NVD).

The vulnerability is a NULL pointer dereference issue (CWE-476) in the AMD display driver's code. The specific issue occurs in the dc_validate_boot_timing function where a variable 'se' is checked for NULL earlier in the function but not before a subsequent dereference. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to a system crash due to NULL pointer dereference in the AMD display driver. The impact is limited to availability (High impact on Availability, no impact on Confidentiality or Integrity), requiring local access with low privileges to exploit (NVD).

The vulnerability has been fixed in various Linux kernel versions. The fix involves adding an additional NULL check before dereferencing the 'se' pointer. Multiple patches have been released for different kernel versions, including 5.15.0-127.137 for Ubuntu 22.04 LTS and other corresponding versions for different distributions (Ubuntu).