CVE-2024-43895: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-43895 is a NULL pointer dereference vulnerability discovered in the Linux kernel's AMD Display Driver (drm/amd/display). The vulnerability was discovered in August 2024 and affects Linux kernel versions up to 6.1.105, from 6.2 to 6.6.46, from 6.7 to 6.10.5, and 6.11-rc1/rc2 (NVD).

The vulnerability occurs in the Display Stream Compression (DSC) parameter recomputation functionality when handling MST (Multi-Stream Transport) and DSC setup. The issue manifests as a NULL pointer dereference at address 0x0000000000000008 in the drmdpatomicfindtimeslots function within the drmdisplay_helper module. The vulnerability is triggered during the atomic check operation in the display driver's MST handling code (Kernel Patch). The CVSS v3.1 base score is 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a kernel crash (denial of service) when a NULL pointer dereference occurs during MST and DSC setup operations. This affects systems using AMD graphics hardware with the amdgpu driver, particularly in configurations using DisplayPort MST functionality (NVD).

The vulnerability has been patched in the Linux kernel by adding a check to skip DSC parameter recomputation when there is no stream on the link. The fix has been backported to multiple kernel versions. Users are advised to update their systems to the patched kernel versions: 6.1.105 or later, 6.6.46 or later, or 6.10.5 or later (Ubuntu Notice).