PT-2025-3601 · Linux+9 · Linux Kernel+9

Published: 2023-11-07 · Updated: 2026-05-26 · CVE-2024-57876

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

The issue arises when the MST topology is removed while an MST down reply or MST up request sideband message is being received. This can cause a race condition between threads, leading to memory corruption in the reader/parser. The problem occurs because the reader/parser does not hold any lock while accessing the reception state. The fix resets the message reception state, if needed, before a message is read or parsed.

Recommendations

For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider holding a lock for the whole duration of message reception/parsing in the drm_dp_mst_handle_down_rep() and drm_dp_mst_handle_up_req() functions to prevent the race condition. However, this would require a more significant change.

Exploit

Fix

DoS

Memory Corruption

Buffer Overflow

Race Condition


Weakness Enumeration

Related Identifiers

ALT-PU-2025-12647
BDU:2025-04125
CESA-2023_7077
CVE-2024-57876
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1286
OESA-2025-1339
OESA-2025-1570
OESA-2025-1571
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0556-1
OPENSUSE-SU-2025_0557-1
OPENSUSE-SU-2025_0577-1
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_7077
RHSA-2025:8248
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0556-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0577-1
SUSE-SU-2025:0577-2
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
SUSE-SU-2025_0577-1
SUSE-SU-2025_0577-2
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

ALT Linux
Astra Linux
CentOS
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu