Use of uninitialized resource in Linux kernel drm panthor driver

Published: 2024-11-08 | Updated: 2025-05-12

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-50173
CWE-ID	CWE-908
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Use of uninitialized resource

EUVDB-ID: #VU100135

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50173

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the tick_ctx_cleanup() function in drivers/gpu/drm/panthor/panthor_sched.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.10 - 6.11.2

CPE2.3

External links

https://git.kernel.org/stable/c/ac2ca5e5148a0d4d78ac01c2d8348d0757c7367f
https://git.kernel.org/stable/c/3bde05794497d5f426d4ea2ecb9868bf7721fb24
https://git.kernel.org/stable/c/282864cc5d3f144af0cdea1868ee2dc2c5110f0d
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.