PT-2024-33877 · Linux+2 · Linux Kernel+2

Published: 2024-10-10 · Updated: 2025-02-28 · CVE-2024-50037

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.2-asahi+
Description: The issue is in the Linux kernel's drm/fbdev-dma component and has been resolved by ensuring that deferred I/O is only cleaned up when necessary. The problem occurred because the drm_fbdev_dma_fb_destroy() function called fb_deferred_io_cleanup() unconditionally, even when struct fb_info.fbdefio was NULL. This led to a warning from flush_work() about a random struct work_struct instead of the expected NULL pointer dereferences. The vulnerability was identified with the out-of-tree Apple silicon display driver.
Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix, which is version 6.11.2-asahi+ or later. As a temporary workaround, consider disabling the drm_fbdev_dma_fb_destroy() function until a patch is available. Restrict access to the vulnerable drm/fbdev-dma component to minimize the risk of exploitation. Avoid using the fb_deferred_io_cleanup() function in the affected API endpoint until the issue is resolved.

Related Identifiers

BDU:2025-15089
CVE-2024-50037
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7276-1
USN-7277-1
USN-7310-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu