CVE-2024-40932: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-40932 is a memory leak vulnerability discovered in the Linux kernel's drm/exynos/vidi driver component. The vulnerability was disclosed on July 12, 2024, and affects the .get_modes() function where a duplicated EDID (Extended Display Identification Data) is never freed after use (NVD). The issue affects multiple versions of the Linux kernel, from versions prior to 4.19.317 up through various branches including 5.x and 6.x series (Debian).

The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime) and has received a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical issue occurs in the vidigetmodes() function where the duplicated EDID memory is allocated but not properly freed after use, leading to a memory leak (NVD).

The memory leak can lead to resource exhaustion over time, potentially affecting system availability. The vulnerability requires local access and low privileges to exploit, with no impact on confidentiality or integrity but a high impact on availability (NVD).

The vulnerability has been fixed in multiple Linux kernel versions through patches that properly free the duplicated EDID memory after use. Fixed versions include Linux kernel 5.15.0-121.131 for Ubuntu 22.04 LTS, 5.4.0-195.215 for Ubuntu 20.04 LTS, and various other distribution-specific kernel versions (Ubuntu).