CVE-2024-50003

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why] Connected with a Thunderbolt monitor and do the suspend and the system may hang while resume. The TBT monitor HPD will be triggered during the resume procedure and call the drm_client_modeset_probe() while struct drm_connector connector->dev->master is NULL. It will mess up the pipe topology after resume. [How] Skip the TBT monitor HPD during the resume procedure because we currently will probe the connectors after resume by default. (cherry picked from commit 453f86a26945207a16b8f66aaed5962dc2b95b85)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/52d4e3fb3d340447dcdac0e14ff21a764f326907	Patch
https://git.kernel.org/stable/c/68d603f467a75618eeae5bfe8af32cda47097010	Patch
https://git.kernel.org/stable/c/722d2d8fc423108597b97efbf165187d16d9aa1e	Patch
https://git.kernel.org/stable/c/73e441be033d3ed0bdff09b575da3e7d4606ffc9	Patch
https://git.kernel.org/stable/c/c2356296f546326f9f06c109e201d42201e1e783	Patch
https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::

History

01 Nov 2024, 15:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/52d4e3fb3d340447dcdac0e14ff21a764f326907 -~~	() https://git.kernel.org/stable/c/52d4e3fb3d340447dcdac0e14ff21a764f326907 - Patch
References	~~() https://git.kernel.org/stable/c/68d603f467a75618eeae5bfe8af32cda47097010 -~~	() https://git.kernel.org/stable/c/68d603f467a75618eeae5bfe8af32cda47097010 - Patch
References	~~() https://git.kernel.org/stable/c/722d2d8fc423108597b97efbf165187d16d9aa1e -~~	() https://git.kernel.org/stable/c/722d2d8fc423108597b97efbf165187d16d9aa1e - Patch
References	~~() https://git.kernel.org/stable/c/73e441be033d3ed0bdff09b575da3e7d4606ffc9 -~~	() https://git.kernel.org/stable/c/73e441be033d3ed0bdff09b575da3e7d4606ffc9 - Patch
References	~~() https://git.kernel.org/stable/c/c2356296f546326f9f06c109e201d42201e1e783 -~~	() https://git.kernel.org/stable/c/c2356296f546326f9f06c109e201d42201e1e783 - Patch
References	~~() https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86 -~~	() https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86 - Patch
CWE		CWE-476
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:6.12:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::

23 Oct 2024, 15:13

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Se soluciona el bloqueo del sistema durante la reanudación con el monitor TBT [Por qué] Conectado con un monitor Thunderbolt y realizando la suspensión, el sistema puede bloquearse durante la reanudación. El HPD del monitor TBT se activará durante el procedimiento de reanudación y llamará a drm_client_modeset_probe() mientras struct drm_connector connector->dev->master sea NULL. Esto arruinará la topología de la tubería después de la reanudación. [Cómo] Omitir el HPD del monitor TBT durante el procedimiento de reanudación porque actualmente sondearemos los conectores después de la reanudación de forma predeterminada. (seleccionado de el commit 453f86a26945207a16b8f66aaed5962dc2b95b85)

21 Oct 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-21 19:15

Updated : 2024-11-01 15:16

NVD link : CVE-2024-50003

Mitre link : CVE-2024-50003

CVE.ORG link : CVE-2024-50003

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-50003", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-10-21T19:15:04.020", "references": [{"url": "https://git.kernel.org/stable/c/52d4e3fb3d340447dcdac0e14ff21a764f326907", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/68d603f467a75618eeae5bfe8af32cda47097010", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/722d2d8fc423108597b97efbf165187d16d9aa1e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/73e441be033d3ed0bdff09b575da3e7d4606ffc9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c2356296f546326f9f06c109e201d42201e1e783", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix system hang while resume with TBT monitor\n\n[Why]\nConnected with a Thunderbolt monitor and do the suspend and the system\nmay hang while resume.\n\nThe TBT monitor HPD will be triggered during the resume procedure\nand call the drm_client_modeset_probe() while\nstruct drm_connector connector->dev->master is NULL.\n\nIt will mess up the pipe topology after resume.\n\n[How]\nSkip the TBT monitor HPD during the resume procedure because we\ncurrently will probe the connectors after resume by default.\n\n(cherry picked from commit 453f86a26945207a16b8f66aaed5962dc2b95b85)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Se soluciona el bloqueo del sistema durante la reanudaci\u00f3n con el monitor TBT [Por qu\u00e9] Conectado con un monitor Thunderbolt y realizando la suspensi\u00f3n, el sistema puede bloquearse durante la reanudaci\u00f3n. El HPD del monitor TBT se activar\u00e1 durante el procedimiento de reanudaci\u00f3n y llamar\u00e1 a drm_client_modeset_probe() mientras struct drm_connector connector->dev->master sea NULL. Esto arruinar\u00e1 la topolog\u00eda de la tuber\u00eda despu\u00e9s de la reanudaci\u00f3n. [C\u00f3mo] Omitir el HPD del monitor TBT durante el procedimiento de reanudaci\u00f3n porque actualmente sondearemos los conectores despu\u00e9s de la reanudaci\u00f3n de forma predeterminada. (seleccionado de el commit 453f86a26945207a16b8f66aaed5962dc2b95b85)"}], "lastModified": "2024-11-01T15:16:36.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F032D82B-5582-4DF5-B921-BFE0BD301364", "versionEndExcluding": "5.15.168"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}

5.5 /10