PT-2024-21588 · Linux+4 · Linux Kernel+4

Published

2024-03-16

Updated

2025-01-14

CVE-2024-26941

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc3+

Description The vulnerability is related to a divide-by-zero regression on DP MST unplug with nouveau. It occurs when using nouveau and unplugging a StarTech MSTDP122DP DisplayPort 1.2 MST hub. The issue does not appear when using a Cable Matters DisplayPort 1.4 MST hub. The vulnerability is caused by a regression in the drm/dp module, specifically in the drm dp bw overhead function.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the divide-by-zero regression on DP MST unplug with nouveau. If an update is not available, consider temporarily disabling the use of the vulnerable module or restricting access to the affected API endpoint until a patch is available.

Exploit

Fix

Divide By Zero

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-369

Related Identifiers

BDU:2025-02913

CVE-2024-26941

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Ubuntu

Nouveau

PT-2024-21588 · Linux+4 · Linux Kernel+4

CVE-2024-26941

Weakness Enumeration

Related Identifiers

Affected Products

References · 248