CVE-2024-46851

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition vulnerability has been resolved in the Linux kernel's DRM/AMD display module. The issue occurs between the dcn10 set drr() and dc state destruct() functions. When dc state destruct() is called in parallel with IRQ processing, which calls dcn10 set drr(), it can result in using already nulled function callback fields of struct stream resource. The logic in dcn10 set drr() tries to avoid this by checking tg against NULL, but a race can still occur if the nulling happens after the NULL check and before the next access. To avoid this, tg is copied to a local variable, which is then used for all operations. This fix works as long as nobody frees the resource pool where the timing generators live.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.