CVE-2024-50156: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50156 is a vulnerability discovered in the Linux kernel affecting the DRM/MSM display driver. The issue was identified in the msmdispstateprintregs() function where a NULL pointer dereference could occur if memory allocation fails in msmdispstatedumpregs(). The vulnerability was disclosed on November 7, 2024, and affects Linux kernel versions from 5.14 through 6.11.6 (NVD).

The vulnerability stems from improper NULL pointer handling in the msmdispstateprintregs() function. When the allocation in msmdispstatedumpregs() fails, block->state can be NULL. Although the function attempts to handle this with a check 'if (reg) dump_addr = reg', since dumpaddr is initialized to NULL, this check becomes ineffective and the code proceeds to dereference dumpaddr. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a NULL pointer dereference in the Linux kernel's DRM/MSM display driver, potentially causing a system crash or denial of service condition. The impact is limited to systems using the affected MSM display driver components (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves modifying the msmdispstateprintregs() function to properly handle NULL pointers by adding an explicit NULL check and printing "Registers not stored" when encountering a NULL pointer. The fix also improves code quality by removing a pointless double-pointer parameter and properly marking the pointer as const (Kernel Patch).