CVE-2024-50003: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50003 affects the Linux kernel's AMD display driver (drm/amd/display). The vulnerability was discovered on October 21, 2024, and involves a system hang issue that occurs during resume with a Thunderbolt (TBT) monitor. The issue affects multiple versions of the Linux kernel up to versions 5.15.168, 6.1.113, 6.6.55, 6.10.14, and 6.11.3 (NVD).

The vulnerability occurs when a Thunderbolt monitor is connected and the system undergoes a suspend/resume cycle. During the resume procedure, the TBT monitor Hot Plug Detection (HPD) is triggered, which calls drmclientmodesetprobe() while the struct drmconnector connector->dev->master is NULL. This results in corrupted pipe topology after resume. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can cause a system hang during the resume process when using a Thunderbolt monitor. This affects system availability and can disrupt user operations, particularly in environments where Thunderbolt monitors are commonly used (NVD).

The issue has been fixed by skipping the TBT monitor HPD during the resume procedure, as the connectors are probed after resume by default. The fix has been implemented in various kernel versions and is available through system updates. Ubuntu has released patches for multiple versions including 22.04 LTS and 20.04 LTS (Ubuntu).