CVE-2024-57876

EPSS 0.03%
Published 11.01.2025 15:15:07
Last modified 03.11.2025 21:18:37
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/dp_mst: Fix resetting msg rx state after topology removal

If the MST topology is removed during the reception of an MST down reply
or MST up request sideband message, the
drm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset
from one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with
the reading/parsing of the message from another thread via
drm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race is
possible since the reader/parser doesn't hold any lock while accessing
the reception state. This in turn can lead to a memory corruption in the
reader/parser as described by commit bd2fccac61b4 ("drm/dp_mst: Fix MST
sideband message body length check").

Fix the above by resetting the message reception state if needed before
reading/parsing a message. Another solution would be to hold the
drm_dp_mst_topology_mgr::lock for the whole duration of the message
reception/parsing in drm_dp_mst_handle_down_rep() and
drm_dp_mst_handle_up_req(), however this would require a bigger change.
Since the fix is also needed for stable, opting for the simpler solution
in this patch.

Affected products Warnungen 0 Metrics 2 CWE 2 References 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.10.173 < 5.11

Linux ≫ Linux Kernel Version >= 5.15.100 < 5.16

Linux ≫ Linux Kernel Version >= 6.1.18 < 6.1.120

Linux ≫ Linux Kernel Version >= 6.2.5 < 6.6.66

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.5

Linux ≫ Linux Kernel Version6.13 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.088

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/94b33b2d7640e807869451384eb88321dd0ffbd4

Patch

https://git.kernel.org/stable/c/a6fa67d26de385c3c7a23c1e109a0e23bfda4ec7

Patch

https://git.kernel.org/stable/c/be826b4451fd187a7c0b04be4f8243d5df6e0450

Patch

https://git.kernel.org/stable/c/d834d20d2e86c52ed5cab41763fa61e6071680ef

Patch

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

https://nvd.nist.gov/vuln/detail/CVE-2024-57876

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-57876

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-57876

EUVD