CVE-2024-46870: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46870 affects the Linux kernel's AMD display driver (DCN35). The vulnerability was discovered when the DMCUB (Display Micro-Controller Unit B) was found to intermittently take longer than expected to process commands, potentially leading to race conditions. This issue affects Linux kernel versions up to (excluding) 6.10.9 (NVD).

The vulnerability exists in the AMD display driver's DMCUB timeout handling for DCN35. The old ASIC policy would continue while logging a diagnostic error, which worked for ASICs without IPS (Intelligent Power Sharing). However, with IPS enabled, this could lead to a race condition where attempts to access DCN state while inaccessible could cause system hangs or register access timeouts, leaving the display configuration in an undefined state. The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in system hangs when the NIU port is not disabled, or cause register access timeouts that leave the display configuration in an undefined state. This primarily affects system availability and stability rather than confidentiality or integrity (Kernel Patch).

The issue has been resolved by disabling the timeout on DCN35 to avoid the race condition. This fix was implemented through a kernel patch that sets the disabletimeout flag to true in the debugdefaults_drv structure. While this is a temporary solution, developers are investigating why these accesses take longer than expected (Kernel Patch).