CVE-2024-44955: 
CBL Mariner vulnerability analysis and mitigation

CVE-2024-44955 affects the Linux kernel's AMD display driver (drm/amd/display). The vulnerability was discovered when a null pointer dereference occurs when unplugging one of the monitors connected after an MST hub. This issue arises because the dcsink gets released immediately in earlyunregister() or detectctx() functions, and when committing a new state that directly references information stored in dcsink, it results in a null pointer dereference (Kernel Git).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 Base Score of 5.5 (Medium) and vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue occurs in the display driver's MST (Multi-Stream Transport) handling code, specifically in the isdscneedrecompute function where it incorrectly references dc_sink after it has been released (NVD).

When exploited, this vulnerability can cause a null pointer dereference in the Linux kernel's AMD display driver, potentially leading to system crashes or denial of service conditions. The impact is limited to systems using AMD graphics with MST hub configurations (NVD).

The issue has been patched by removing redundant checking conditions and ensuring proper null pointer handling. The fix includes resetting dsc_aux to NULL when the connector is disconnected. The patch has been reviewed and tested by multiple developers (Kernel Git).