Lyude Paul

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** The issue concerns a problem with the MST sideband message body length check in the Linux kernel, which must be at least 1 byte accounting for the message body CRC at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC, with the body length being incorrectly set to 0, leading to memory corruption in `drm dp sideband append payload()` and resulting in errors such as `UBSAN: array-index-out-of-bounds` and `memcpy: detected field-spanning write`. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider restricting access to the `drm dp sideband append payload()` function until a patch is available. Avoid using the `msg` variable in the affected API endpoint until the issue is resolved. At the moment, there is no other information about additional mitigation measures.