CVE-2024-46850

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition has been identified between dcn35 set drr() and dc state destruct() in the Linux kernel's AMD display module. The issue arises when dc state destruct() nulls the resource context of the DC state, and the pipe context passed to dcn35 set drr() is a member of this resource context. If dc state destruct() is called in parallel with IRQ processing, which calls dcn35 set drr(), it can result in using already nulled function callback fields of struct stream resource. The logic in dcn35 set drr() attempts to avoid this by checking tg against NULL, but a race can still occur if the nulling happens after the NULL check and before the next access. To resolve this, the code now copies tg to a local variable and uses this variable for all operations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.