CVE-2024-46698

MEDIUMNVD 5.55.5—

5.5

In the Linux kernel, the following vulnerability has been resolved:

video/aperture: optionally match the device in sysfb_disable()

In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not VGA compatible:

A PCI device with a non-VGA class is the boot display
That device is probed first and it is not a VGA device so

sysfb_disable() is not called, but the device resources are freed by aperture_detach_platform_device()

Non-primary GPU has a VGA class and it ends up calling sysfb_disable()
NULL pointer dereference via sysfb_disable() since the resources

have already been freed by aperture_detach_platform_device() when it was called by the other device.

Fix this by passing a device pointer to sysfb_disable() and checking the device to determine if we should execute it or not.

v2: Fix build when CONFIG_SCREEN_INFO is not set v3: Move device check into the mutex Drop primary variable in aperture_remove_conflicting_pci_devices() Drop __init on pci sysfb_pci_dev_is_enabled()

CVSS v3: 5.5
EG Score: 5.5(medium)
EPSS: 10.2%
KEV: Not listed

Published

September 13, 2024

Last Modified

September 13, 2024

References (2)

416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7

Vendor Advisories for CVE-2024-46698(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

CVE-2024-46698
Microsoft Security Response Center (MSRC)Medium
video/aperture: optionally match the device in sysfb_disable()

Patch Availability(5)

Vendor / Ecosystem	Fixed in / Patch	Released	Source
ubuntu	linux-virtual-hwe-24.04 (6.8.0-50.51) @ noble	2026-05-23	ubuntu
ubuntu	linux-tools-nvidia-lowlatency-64k (6.8.0-1019.21.1) @ noble	2026-05-23	ubuntu
ubuntu	linux-tools-azure (6.8.0-1020.23) @ noble	2026-05-23	ubuntu
ubuntu	linux-tools-gkeop-6.8 (6.8.0-1002.4) @ noble	2026-05-23	ubuntu
ubuntu	linux-virtual-hwe-22.04-edge (6.8.0-50.51~22.04.1) @ jammy	2026-05-23	ubuntu

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-476NULL Pointer Dereference

All Vendor Advisories

(5)

Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.

Data Freshness Timeline

(refreshed 16× in last 7d / 20× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-06-07 15:24 UTCepss_batch
2026-06-07 15:24 UTCepss_batch
2026-06-06 13:46 UTCepss_batch
2026-06-06 13:46 UTCepss_batch
2026-06-05 22:46 UTCepss_batch
2026-06-05 22:46 UTCepss_batch
2026-06-05 06:09 UTCepss_batch
2026-06-05 06:09 UTCepss_batch
2026-06-04 13:11 UTCepss_batch
2026-06-04 13:11 UTCepss_batch
2026-06-02 20:12 UTCepss_batch
2026-06-02 20:12 UTCepss_batch
2026-06-01 13:51 UTCepss_batch
2026-06-01 13:51 UTCepss_batch
2026-05-31 22:30 UTCepss_batch
2026-05-31 22:30 UTCepss_batch
2026-05-31 00:16 UTCepss_batch
2026-05-31 00:15 UTCepss_batch
2026-05-29 13:43 UTCepss_batch
2026-05-28 13:44 UTCepss_batch

Frequently asked(5)

What is CVE-2024-46698?

CVE-2024-46698 is a medium vulnerability published on September 13, 2024. In the Linux kernel, the following vulnerability has been resolved: video/aperture: optionally match the device in sysfb_disable() In apertureremoveconflictingpcidevices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not…

When was CVE-2024-46698 disclosed?

CVE-2024-46698 was first published in the National Vulnerability Database on September 13, 2024. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2024-46698 actively exploited?

CVE-2024-46698 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 10.2% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2024-46698?

CVE-2024-46698 has a CVSS v3 base score of 5.5 (NVD).

How do I remediate CVE-2024-46698?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2024-46698, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2024-46698

Explore →

Is Your Infrastructure Affected by CVE-2024-46698?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2024-46698

Published

Last Modified

References (2)

Vendor Advisories for CVE-2024-46698(1)

Patch Availability(5)

Weakness Classification(1)

All Vendor Advisories

Data Freshness Timeline

Frequently asked(5)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2024-46698?

Same vendor

Same CWE

CVE-2024-46698

📅 Published

🔄 Last Modified

🔗 References (2)

📣 Vendor Advisories for CVE-2024-46698(1)

Patch Availability(5)

Weakness Classification(1)

All Vendor Advisories

Data Freshness Timeline

❓ Frequently asked(5)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2024-46698?

🔗 Related CVEs(same vendor + same CWE)

Same vendor

Same CWE

Published

Last Modified

References (2)

Vendor Advisories for CVE-2024-46698(1)

Frequently asked(5)

Related CVEs(same vendor + same CWE)