CVE-2024-57876

EPSS 0.02%
Veröffentlicht 11.01.2025 15:15:07
Zuletzt bearbeitet 03.11.2025 21:18:37
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

drm/dp_mst: Fix resetting msg rx state after topology removal

In the Linux kernel, the following vulnerability has been resolved:

drm/dp_mst: Fix resetting msg rx state after topology removal

If the MST topology is removed during the reception of an MST down reply
or MST up request sideband message, the
drm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset
from one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with
the reading/parsing of the message from another thread via
drm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race is
possible since the reader/parser doesn't hold any lock while accessing
the reception state. This in turn can lead to a memory corruption in the
reader/parser as described by commit bd2fccac61b4 ("drm/dp_mst: Fix MST
sideband message body length check").

Fix the above by resetting the message reception state if needed before
reading/parsing a message. Another solution would be to hold the
drm_dp_mst_topology_mgr::lock for the whole duration of the message
reception/parsing in drm_dp_mst_handle_down_rep() and
drm_dp_mst_handle_up_req(), however this would require a bigger change.
Since the fix is also needed for stable, opting for the simpler solution
in this patch.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 8

NVD 6 VulnDex Vulnerability Enrichment 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.10.173 < 5.11

Linux ≫ Linux Kernel Version >= 5.15.100 < 5.16

Linux ≫ Linux Kernel Version >= 6.1.18 < 6.1.120

Linux ≫ Linux Kernel Version >= 6.2.5 < 6.6.66

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.5

Linux ≫ Linux Kernel Version6.13 Updaterc1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.063

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/94b33b2d7640e807869451384eb88321dd0ffbd4

Patch

https://git.kernel.org/stable/c/a6fa67d26de385c3c7a23c1e109a0e23bfda4ec7

Patch

https://git.kernel.org/stable/c/be826b4451fd187a7c0b04be4f8243d5df6e0450

Patch

https://git.kernel.org/stable/c/d834d20d2e86c52ed5cab41763fa61e6071680ef

Patch

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-57876