CVE-2024-26941: Linux Kernel DRM/DP Vulnerability Fixed - Divide By Zero Regression on DP MST Unplug with Nouveau

A newly resolved vulnerability in the Linux kernel affects the Direct Rendering Manager/DisplayPort (DRM/DP) subsystem. The issue is a divide-by-zero regression that occurs on DP Multi-Stream Transport (MST) unplug when using the Nouveau driver. This vulnerability has been assigned the identifier CVE-2024-26941.

More specifically, the regression occurs when unplugging a StarTech MSTDP122DP DisplayPort 1.2 MST hub. No regression is seen when using a Cable Matters DisplayPort 1.4 MST hub.

The problem was traced back to a divide error in the "drm_dp_bw_overhead" function in the "drm_display_helper" module. The complete trace can be found in the original post here.

Here is the truncated kernel trace showing the divide error:

  trace:
   divide error: 0000 [#1] PREEMPT SMP PTI
   RIP: 0010:drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]
  ...
   RSP: 0018:ffffb2c5c211fa30 EFLAGS: 00010206
  ...
   RBP: ffffb2c5c211fa48
  ...
   Call Trace:
    <TASK>
---truncated---  

The divide-by-zero error was fixed in drm_dp_bw_overhead. The discussion thread regarding the fix can be found here.

With the fix, the affected system will no longer experience a crash when unplugging a StarTech MSTDP122DP DisplayPort 1.2 MST hub.

Users of the Nouveau driver should ensure they update their systems to a kernel version containing the fix to avoid issues when handling DisplayPort MST hubs, particularly the StarTech MSTDP122DP model.
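
To check whether a host has already hit this crash, its kernel log can be searched for a divide-error oops whose faulting function is drm_dp_bw_overhead in drm_display_helper. The Python sketch below is an added example, not code from the original advisory or the kernel project; the function name find_divide_errors, the 5-line search window and the sample log lines are assumptions constructed for illustration in the standard x86 oops format.

```python
import re

# "divide error: 0000 [#1] PREEMPT SMP PTI" opens an x86 divide-error oops.
OOPS_RE = re.compile(r"divide error: [0-9a-f]+ \[#(\d+)\]")
# "RIP: 0010:symbol+0xoff/0xlen [module]" names the faulting function.
RIP_RE = re.compile(
    r"RIP: [0-9a-f]+:(?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<len>[0-9a-f]+)"
    r"(?: \[(?P<mod>\w+)\])?"
)

def find_divide_errors(log_text, symbol="drm_dp_bw_overhead",
                       module="drm_display_helper", window=5):
    """Return one dict per divide-error oops whose RIP is in `symbol`.

    The RIP line is searched within `window` lines after the oops header,
    because timestamps and other log output can sit between the two.
    """
    lines = log_text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        head = OOPS_RE.search(line)
        if not head:
            continue
        for follow in lines[i + 1:i + 1 + window]:
            rip = RIP_RE.search(follow)
            if rip is None:
                continue
            if rip["sym"] == symbol and rip["mod"] == module:
                hits.append({"oops": int(head[1]), "line": i + 1,
                             "offset": int(rip["off"], 16)})
            break  # the first RIP line after the header belongs to this oops
    return hits

# Constructed sample log: the signature of this crash, followed by an
# unrelated divide error in a made-up symbol that must not be reported.
SAMPLE_LOG = """\
[  412.101] constructed filler line before the crash
[  412.377] divide error: 0000 [#1] PREEMPT SMP PTI
[  412.377] CPU: 3 PID: 91 Comm: kworker/3:1 (constructed)
[  412.378] RIP: 0010:drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]
[  980.004] divide error: 0000 [#2] PREEMPT SMP PTI
[  980.005] RIP: 0010:example_other_func+0x1c/0x40 [example_mod]
"""

if __name__ == "__main__":
    for hit in find_divide_errors(SAMPLE_LOG):
        print(hit)
```

On a real system, the text passed to find_divide_errors would be the saved output of the kernel log rather than SAMPLE_LOG.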

For more information about the patch and to view the original references for this vulnerability, please consult the following links:

- Original post with trace details
- Discussion thread with fix details
- Nouveau - Free and Open Source driver for NVIDIA GPUs

Please ensure your systems are updated to stay protected against all known vulnerabilities and take preventive measures accordingly.

Timeline

Published on: 05/01/2024 06:15:09 UTC
Last modified on: 05/29/2024 05:25:34 UTC