PT-2024-3398 · Linux+3 · Linux Kernel+3
Johan Hovold · Published 2024-02-23 · Updated 2025-11-21
CVE-2024-26909
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A use-after-free issue has been identified in the Linux kernel, specifically in the pmic glink altmode driver. This issue arises due to a race condition where the dp-hpd bridge is registered before all resources have been acquired, allowing it to be deregistered on probe deferrals. As a result, when the display controller is initialized, it may trigger a use-after-free error when attaching bridges, potentially causing the display subsystem to fail to initialize or resulting in NULL-pointer dereferences. The issue has been observed in machines like the Lenovo ThinkPad X13s. The fix involves moving the bridge registration in the pmic glink altmode driver to after all resources have been looked up.
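The probe ordering described above, reduced to a user-space C model. This is an added example, not the kernel driver's code: every function and variable name is hypothetical, and a `live` flag stands in for freed memory so nothing is actually dereferenced after release.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy user-space model, not kernel code; all names are hypothetical. */
#define EPROBE_DEFER 517            /* value of the kernel's deferral errno */

struct bridge { bool live; };       /* live == false models freed memory */

static struct bridge slot;          /* static storage: "freed" state stays inspectable */
static struct bridge *registry;     /* what a lookup by another driver can find */
static struct bridge *consumer;     /* non-refcounted pointer cached by that driver */

static void bridge_register(void)   { slot.live = true; registry = &slot; }
static void bridge_unregister(void) { slot.live = false; registry = NULL; }
static void consumer_lookup(void)   { if (registry) consumer = registry; }
static int acquire_resources(bool ready) { return ready ? 0 : -EPROBE_DEFER; }
static void reset_model(void) { slot.live = false; registry = consumer = NULL; }

/* Ordering the description identifies as the bug: register, then acquire. */
static int probe_register_first(bool ready)
{
    bridge_register();
    consumer_lookup();              /* race window: bridge visible mid-probe */
    int ret = acquire_resources(ready);
    if (ret)
        bridge_unregister();        /* deferral unwinds the registration */
    return ret;
}

/* Ordering the description gives as the fix: acquire, then register. */
static int probe_register_last(bool ready)
{
    consumer_lookup();              /* same racing lookup finds nothing yet */
    int ret = acquire_resources(ready);
    if (ret)
        return ret;                 /* nothing published, nothing to unwind */
    bridge_register();
    consumer_lookup();
    return 0;
}

/* True when a later "attach" would touch a released bridge. */
static bool consumer_pointer_is_stale(void) { return consumer && !consumer->live; }

int main(void)
{
    reset_model(); probe_register_first(false);
    bool buggy = consumer_pointer_is_stale();
    reset_model(); probe_register_last(false);
    return (buggy && !consumer_pointer_is_stale()) ? 0 : 1;
}
```

With resources not yet available, the register-first ordering leaves the consumer holding a pointer to a released bridge, while the register-last ordering never publishes the bridge at all.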
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
NULL Pointer Dereference
Race Condition
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os
Suse