CVE-2024-50117: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50117 affects the Linux kernel's AMD GPU driver, specifically related to the ATIF ACPI method handling. The vulnerability was discovered when a BIOS provides bad data in response to an ATIF method call, causing a NULL pointer dereference in the caller. This issue affects Linux kernel versions from 4.2 up to versions before 6.11.6 (NVD).

The vulnerability occurs in the AMD GPU driver's ACPI method handling code (drivers/gpu/drm/amd/amdgpu/amdgpuacpi.c). When the ATIF ACPI method is called, improper validation of the returned object type can lead to a NULL pointer dereference. The issue manifests in the amdgpuatifquerybacklight_caps function. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a denial of service condition through a NULL pointer dereference when processing ACPI method calls on affected systems with AMD GPUs. This could potentially cause system crashes or instability (Kernel Patch).

The vulnerability has been fixed in multiple Linux kernel versions. Ubuntu has released patches for various versions including 24.10 (6.11.0-18.18), 22.04 LTS (5.15.0-133.144), and 20.04 LTS (5.4.0-208.228). Users should update their kernel to the patched versions available for their distribution (Ubuntu Security).