CVE-2024-46850: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-46850 is a race condition vulnerability in the Linux kernel affecting the AMD display driver (drm/amd/display). The vulnerability was discovered in September 2024 and affects Linux kernel versions from 6.7 up to (excluding) 6.10.11, as well as Linux kernel 6.11 release candidates (rc1 through rc7). The issue occurs between dcn35setdrr() and dcstatedestruct() functions in the AMD display driver (Kernel Patch).

The vulnerability stems from a race condition where dcstatedestruct() nulls the resource context of the DC state while the pipe context passed to dcn35setdrr() is still being accessed. Although dcn35setdrr() includes a NULL check for the timing generator (tg), the race condition can occur if nulling happens after the NULL check but before the subsequent access. This can result in accessing already nulled function callback fields of struct stream_resource. The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a NULL pointer dereference in the Linux kernel's AMD display driver, potentially causing system instability or denial of service conditions. The issue specifically affects the display refresh rate (DRR) functionality in AMD's DCN3.5 display controller (Kernel Patch).

The issue has been patched by modifying the dcn35setdrr() function to copy the timing generator (tg) to a local variable before use, ensuring that the pointer remains valid throughout the operation. Users should update to Linux kernel version 6.10.11 or later to receive the fix. The patch has been backported to affected stable kernel versions (Kernel Patch).