PT-2025-3577 · Linux+8 · Linux Kernel+8
Published
2024-12-05
·
Updated
2026-03-14
·
CVE-2024-57798
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue arises in the Linux kernel's drm/dp mst module, specifically in the
drm dp mst handle up req() function. When receiving an MST up request message from one thread, the MST topology could be removed from another thread via drm dp mst topology mgr set mst(false), freeing mst primary and setting drm dp mst topology mgr::mst primary to NULL. This could lead to a NULL dereference or use-after-free of mst primary in drm dp mst handle up req(). The problem is resolved by holding a reference for mst primary in drm dp mst handle up req() while it's used.Recommendations
To resolve the issue, update the Linux kernel to version 6.6.74 or later.
As a temporary workaround, consider applying the patch that fixes the issue of freeing the request if getting an
mst primary reference fails.Exploit
Fix
DoS
NULL Pointer Dereference
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu