Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-pp66-xz9x-rqdm
Vulnerability ID VCID-pp66-xz9x-rqdm
Aliases CVE-2024-43899
Summary In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer deref in dcn20_resource.c Fixes a hang thats triggered when MPV is run on a DCN401 dGPU: mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all and then enabling fullscreen playback (double click on the video) The following calltrace will be seen: [ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 181.843997] #PF: supervisor instruction fetch in kernel mode [ 181.844003] #PF: error_code(0x0010) - not-present page [ 181.844009] PGD 0 P4D 0 [ 181.844020] Oops: 0010 [#1] PREEMPT SMP NOPTI [ 181.844028] CPU: 6 PID: 1892 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu [ 181.844038] Hardware name: System manufacturer System Product Name/CROSSHAIR VI HERO, BIOS 6302 10/23/2018 [ 181.844044] RIP: 0010:0x0 [ 181.844079] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 181.844084] RSP: 0018:ffffb593c2b8f7b0 EFLAGS: 00010246 [ 181.844093] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000004 [ 181.844099] RDX: ffffb593c2b8f804 RSI: ffffb593c2b8f7e0 RDI: ffff9e3c8e758400 [ 181.844105] RBP: ffffb593c2b8f7b8 R08: ffffb593c2b8f9c8 R09: ffffb593c2b8f96c [ 181.844110] R10: 0000000000000000 R11: 0000000000000000 R12: ffffb593c2b8f9c8 [ 181.844115] R13: 0000000000000001 R14: ffff9e3c88000000 R15: 0000000000000005 [ 181.844121] FS: 00007c6e323bb5c0(0000) GS:ffff9e3f85f80000(0000) knlGS:0000000000000000 [ 181.844128] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 181.844134] CR2: ffffffffffffffd6 CR3: 0000000140fbe000 CR4: 00000000003506e0 [ 181.844141] Call Trace: [ 181.844146] <TASK> [ 181.844153] ? show_regs+0x6d/0x80 [ 181.844167] ? __die+0x24/0x80 [ 181.844179] ? page_fault_oops+0x99/0x1b0 [ 181.844192] ? do_user_addr_fault+0x31d/0x6b0 [ 181.844204] ? exc_page_fault+0x83/0x1b0 [ 181.844216] ? asm_exc_page_fault+0x27/0x30 [ 181.844237] dcn20_get_dcc_compression_cap+0x23/0x30 [amdgpu] [ 181.845115] amdgpu_dm_plane_validate_dcc.constprop.0+0xe5/0x180 [amdgpu] [ 181.845985] amdgpu_dm_plane_fill_plane_buffer_attributes+0x300/0x580 [amdgpu] [ 181.846848] fill_dc_plane_info_and_addr+0x258/0x350 [amdgpu] [ 181.847734] fill_dc_plane_attributes+0x162/0x350 [amdgpu] [ 181.848748] dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu] [ 181.849791] ? dm_update_plane_state.constprop.0+0x4e3/0x6b0 [amdgpu] [ 181.850840] amdgpu_dm_atomic_check+0xdfe/0x1760 [amdgpu]
Status Published
Exploitability 0.5
Weighted Severity 4.0
Risk 2.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-476 NULL Pointer Dereference
System Score Found at
cvssv3 4.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43899.json
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2024-43899
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2024-43899
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.kernel.org/stable/c/6940c1d0c84a34d5a2038714c218238101a1db5b
ssvc Track https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e
ssvc Track https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43899.json
https://api.first.org/data/v1/epss?cve=CVE-2024-43899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43899
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2307872 https://bugzilla.redhat.com/show_bug.cgi?id=2307872
6940c1d0c84a34d5a2038714c218238101a1db5b https://git.kernel.org/stable/c/6940c1d0c84a34d5a2038714c218238101a1db5b
974fccd61758599a9716c4b909d9226749efe37e https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e
ecbf60782662f0a388493685b85a645a0ba1613c https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c
USN-7154-1 https://usn.ubuntu.com/7154-1/
USN-7154-2 https://usn.ubuntu.com/7154-2/
USN-7155-1 https://usn.ubuntu.com/7155-1/
USN-7156-1 https://usn.ubuntu.com/7156-1/
USN-7196-1 https://usn.ubuntu.com/7196-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43899.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:56Z/ Found at https://git.kernel.org/stable/c/6940c1d0c84a34d5a2038714c218238101a1db5b
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:56Z/ Found at https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:56Z/ Found at https://git.kernel.org/stable/c/ecbf60782662f0a388493685b85a645a0ba1613c
Exploit Prediction Scoring System (EPSS)
Percentile 0.04842
EPSS Score 0.00018
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:51:22.425823+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0