CVE-2024-26661

Advisory lineage Upstream: 0 Downstream: 29

Downstream

DEBIAN-CVE-2024-26661 RHSA-2024:9315 SUSE-SU-2024:2894-1 SUSE-SU-2024:2939-1 SUSE-SU-2024:2947-1 SUSE-SU-2025:03272-1

Analyzed

Published: 02 Apr 2024, 06:22

Last modified:11 May 2026, 20:01

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (cve.org)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Apr 2024, 06:22

Published

Vulnerability first disclosed

11 May 2026, 20:01

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" pipe_ctx->stream_res.tg could be NULL, it is relying on the caller to ensure the tg is not NULL.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 474ac4a875ca6fea3fc5183d3ad22ef7523dca53, < 3f3c237a706580326d3b7a1b97697e5031ca4667 | ≥ 474ac4a875ca6fea3fc5183d3ad22ef7523dca53, < 39f24c08363af1cd945abad84e3c87fd3e3c845a | ≥ 474ac4a875ca6fea3fc5183d3ad22ef7523dca53, < 66951d98d9bf45ba25acf37fe0747253fafdf298 | 5.9
linux•linux_kernel
≥ 5.9, < 6.6.17 | ≥ 6.7, < 6.7.5 | 6.8:rc1 | 6.8:rc2 | 6.8:rc3