CVE-2024-38664: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-38664 affects the Linux kernel's DisplayPort subsystem driver (zynqmp_dpsub). The vulnerability was discovered in June 2024 and involves improper initialization of a DRM bridge component, specifically related to the handling of HPD (Hot-Plug Detection) mutex initialization (NVD).

The vulnerability stems from a locking issue in the zynqmpdpsub driver where the DRM bridge's hpdmutex was not properly initialized before being accessed. The issue occurs when zynqmpdphpdworkfunc calls drmbridgehpdnotify, which expects hpdmutex to be initialized. This results in a lockdep warning and potential system instability. The CVSS v3.1 base score is 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to system instability and potential crashes when the DisplayPort subsystem's hot-plug detection functionality is triggered. This affects systems using the Xilinx ZynqMP DisplayPort subsystem, particularly in scenarios where hot-plug detection is active (Kernel Patch).

The vulnerability has been patched by modifying the driver to always register the DRM bridge before initializing other components. The fix ensures proper initialization of the hpdmutex by calling drmbridgeadd before zynqmpdpsubdrminit. Users should update to patched kernel versions that include the fix (Kernel Patch).