CVE-2024-40926

Published: Jul 12, 2024Modified: Mar 6, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: don't attempt to schedule hpd_work on headless cards If the card doesn't have display hardware, hpd_work and hpd_lock are left uninitialized which causes BUG when attempting to schedule hpd_work on runtime PM resume. Fix it by adding headless flag to DRM and skip any hpd if it's set.

Affected (4)

Products: Linux: Linux Kernel

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.7 to 6.9.6
Linux Linux Kernel	Version 6.10 rc1
Linux Linux Kernel	Version 6.10 rc2
Linux Linux Kernel	Version 6.10 rc3

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (4)

https://git.kernel.org/stable/c/227349998e5740f14d531b0f0d704e66b1ed3c2f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/b96a225377b6602299a03d2ce3c289b68cd41bb7

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/227349998e5740f14d531b0f0d704e66b1ed3c2f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/b96a225377b6602299a03d2ce3c289b68cd41bb7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.