CVE-2024-46698

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Sep 13, 2024
CWE ID 476

Summary

CVE-2024-46698 is a Linux kernel vulnerability that affects systems using PCI devices, particularly when the primary display device is not VGA compatible. A NULL pointer dereference occurs during the execution of sysfb_disable() because of improper handling of device resource freeing in the aperture_remove_conflicting_pci_devices() function. The released patch remediates the issue by changing how sysfb_disable() is called, checking the device type before execution. Organizations could face significant availability impacts: the vulnerability has a medium severity rating, is exploitable locally, and requires low privileges. Users should apply the available patches promptly to mitigate the risks associated with this flaw.
