CVE-2024-35952: drm/ast: Fix soft lockup
In the Linux kernel, the following vulnerability has been resolved:
drm/ast: Fix soft lockup
The Linux kernel CVE team has assigned CVE-2024-35952 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052017-CVE-2024-35952-645b@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
drm/ast: Fix soft lockup
There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by an MCU, named DPMCU, in BMC.
These scratch registers are protected by scu-lock. If scu-lock is not off, DPMCU can not update these registers and then host will have soft lockup due to never updated status.
DPMCU is used to control DP and relative registers to handshake with host's VGA driver. Even the most time-consuming task, DP's link training, is less than 100ms. 200ms should be enough.
— NVD
Linux Kernel is vulnerable to a denial of service, caused by a soft lockup error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
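The failure mode described above, as an added user-space example (not the drm/ast driver code and not taken from the upstream patch): a host polls a status bit that only an external MCU can update, and the wait is capped at the 200 ms figure from the description. The `mcu_model` struct, the bit layout and all function names are hypothetical.

```c
/* User-space model of the polling pattern; NOT the drm/ast driver code.
 * All names and the bit layout are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define STATUS_ON      0x01u  /* constructed status bit */
#define POLL_STEP_MS   1u
#define POLL_BUDGET_MS 200u   /* upper bound given in the advisory text */

struct mcu_model {
    unsigned scratch;     /* value the host reads back */
    bool     scu_locked;  /* true: the MCU cannot write scratch */
    unsigned latency_ms;  /* time the MCU needs to finish the request */
    unsigned clock_ms;    /* simulated time */
};

/* One poll interval: the MCU publishes status only if unlocked and done. */
static void model_sleep(struct mcu_model *m, bool want_on) {
    m->clock_ms += POLL_STEP_MS;
    if (!m->scu_locked && m->clock_ms >= m->latency_ms)
        m->scratch = want_on ? STATUS_ON : 0;
}

/* Bounded wait. Without the budget check this loop is the unbounded
 * form: it never exits when scu_locked is true. */
static int wait_status(struct mcu_model *m, bool want_on) {
    unsigned waited = 0;
    while (((m->scratch & STATUS_ON) != 0) != want_on) {
        if (waited >= POLL_BUDGET_MS)
            return -1;            /* give up; caller reports the failure */
        model_sleep(m, want_on);
        waited += POLL_STEP_MS;
    }
    return (int)waited;           /* milliseconds spent waiting */
}

/* Returns ms waited for "on", or -1 if the budget ran out. */
int simulate(bool scu_locked, unsigned latency_ms) {
    struct mcu_model m = { 0, scu_locked, latency_ms, 0 };
    return wait_status(&m, true);
}

int main(void) {
    printf("unlocked, 100 ms: %d\n", simulate(false, 100));
    printf("locked:           %d\n", simulate(true, 100));
    return 0;
}
```

With the register locked, the bounded loop returns an error after the budget instead of spinning, which is the difference between a failed mode-set and a soft lockup.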
Frequently Asked Questions
What is the severity of CVE-2024-35952?
CVE-2024-35952 has been classified as a moderate severity vulnerability in the Linux kernel.
Which kernel versions are affected by CVE-2024-35952?
CVE-2024-35952 affects various versions of the Linux kernel including 5.10, 6.1, 6.6, 6.8, and 6.9.
How do I fix CVE-2024-35952?
To fix CVE-2024-35952, update the Linux kernel to the latest version recommended for your distribution.
What impact does CVE-2024-35952 have on system performance?
CVE-2024-35952 can lead to a soft lockup in the system, affecting overall performance and stability.
Is there a patch available for CVE-2024-35952?
Yes, patches have been released to address CVE-2024-35952, and users should apply them immediately.