PT-2024-5405 · Linux+5 · Linux Kernel+5

Published

2024-05-02

·

Updated

2025-09-29

·

CVE-2024-38664

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37
Description The vulnerability is related to the drm: zynqmp dpsub module in the Linux kernel. It is caused by the zynqmp dp hpd work func function calling drm bridge hpd notify, which expects hpd mutex to be initialized. To fix this, the DRM bridge must always be registered before zynqmp dpsub drm init is called, as it calls drm bridge attach. This resolves a lockdep warning.
The issue is related to a synchronization problem, where the hpd mutex is not properly initialized before being used. This can lead to a lockdep warning and potentially cause other issues.
The vulnerability can be exploited by an attacker to affect the confidentiality, integrity, and availability of protected information.
Recommendations To resolve this issue, update the Linux kernel to version 6.6.37 or later. This version includes the fix for the drm: zynqmp dpsub module, ensuring that the DRM bridge is always registered before zynqmp dpsub drm init is called.

Exploit

Fix

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-42895
AZL-42919
BDU:2024-06049
CVE-2024-38664
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-1836
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6999-1
USN-6999-2
USN-7004-1
USN-7005-1
USN-7005-2
USN-7008-1
USN-7029-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu