5.5
MEDIUM
CVE-2024-58052
AMDGPU NULL Pointer Dereference Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table The function atomctrl_get_smc_sclk_range_table() does not check the return value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to retrieve SMU_Info table, it returns NULL which is later dereferenced. Found by Linux Verification Center (linuxtesting.org) with SVACE. In practice this should never happen as this code only gets called on polaris chips and the vbios data table will always be present on those chips.

INFO

Published Date :

March 6, 2025, 4:15 p.m.

Last Modified :

March 25, 2025, 3 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2024-58052 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-58052.

URL Resource
https://git.kernel.org/stable/c/0b97cd8a61b2b40fd73cf92a4bb2256462d22adb Patch
https://git.kernel.org/stable/c/2396bc91935c6da0588ce07850d07897974bd350 Patch
https://git.kernel.org/stable/c/357445e28ff004d7f10967aa93ddb4bffa5c3688 Patch
https://git.kernel.org/stable/c/396350adf0e5ad4bf05f01e4d79bfb82f0f6c41a Patch
https://git.kernel.org/stable/c/6a30634a2e0f1dd3c6b39fd0f114c32893a9907a Patch
https://git.kernel.org/stable/c/a713ba7167c2d74c477dd7764dbbdbe3199f17f4 Patch
https://git.kernel.org/stable/c/ae522ad211ec4b72eaf742b25f24b0a406afcba1 Patch
https://git.kernel.org/stable/c/c47066ed7c8f3b320ef87fa6217a2b8b24e127cc Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-58052 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-58052 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Mar. 25, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE CWE-476
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.13.2 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.76 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.13 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.179 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.129 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.235 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.7 up to (excluding) 5.4.291
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/0b97cd8a61b2b40fd73cf92a4bb2256462d22adb Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/2396bc91935c6da0588ce07850d07897974bd350 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/357445e28ff004d7f10967aa93ddb4bffa5c3688 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/396350adf0e5ad4bf05f01e4d79bfb82f0f6c41a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/6a30634a2e0f1dd3c6b39fd0f114c32893a9907a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a713ba7167c2d74c477dd7764dbbdbe3199f17f4 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ae522ad211ec4b72eaf742b25f24b0a406afcba1 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c47066ed7c8f3b320ef87fa6217a2b8b24e127cc Types: Patch
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 13, 2025

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/2396bc91935c6da0588ce07850d07897974bd350
    Added Reference https://git.kernel.org/stable/c/a713ba7167c2d74c477dd7764dbbdbe3199f17f4
    Added Reference https://git.kernel.org/stable/c/c47066ed7c8f3b320ef87fa6217a2b8b24e127cc
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Mar. 06, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table The function atomctrl_get_smc_sclk_range_table() does not check the return value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to retrieve SMU_Info table, it returns NULL which is later dereferenced. Found by Linux Verification Center (linuxtesting.org) with SVACE. In practice this should never happen as this code only gets called on polaris chips and the vbios data table will always be present on those chips.
    Added Reference https://git.kernel.org/stable/c/0b97cd8a61b2b40fd73cf92a4bb2256462d22adb
    Added Reference https://git.kernel.org/stable/c/357445e28ff004d7f10967aa93ddb4bffa5c3688
    Added Reference https://git.kernel.org/stable/c/396350adf0e5ad4bf05f01e4d79bfb82f0f6c41a
    Added Reference https://git.kernel.org/stable/c/6a30634a2e0f1dd3c6b39fd0f114c32893a9907a
    Added Reference https://git.kernel.org/stable/c/ae522ad211ec4b72eaf742b25f24b0a406afcba1
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-58052 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-58052 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: