CVE-2024-50177: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-50177 affects the Linux kernel's AMD display driver (drm/amd/display). The vulnerability is related to a shift-out-of-bounds condition in DML2.1 when programming phantom pipe. When cursor_width is explicitly set to 0, this causes calculation logic to trigger an overflow for an unsigned int, which triggers the kernel's UBSAN (Undefined Behavior Sanitizer) check (NVD).

The issue occurs in the file dml2coredcn4calcs.c where a shift exponent of 4294967170 becomes too large for a 32-bit unsigned integer type. This triggers when the cursorwidth parameter is set to 0 during phantom pipe programming. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can cause a kernel UBSAN warning and potential system instability. While there are no direct confidentiality or integrity impacts, the availability of the system could be affected due to the undefined behavior in the kernel's display driver (NVD).

The issue has been fixed by adding a guard for checking cursor width before triggering the size calculation. The fix involves checking for cursor presence using num_cursors before performing cursor-related calculations. The patch has been merged into the Linux kernel (Kernel Patch).