
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-56683 affects the Linux kernel's DRM (Direct Rendering Manager) subsystem, specifically the VC4 HDMI driver. The vulnerability was discovered and disclosed on December 28, 2024. The issue occurs when attempting to read HDMI debug registers through the debugfs interface (/sys/kernel/debug/dri/1/hdmi1_regs) while the HDMI is disconnected and the system is in a suspended state (NVD).
The vulnerability is caused by the power management (PM) suspend code disabling the DVP clock, which is a gate of the 108MHz clock in DVP_HT_RPI_MISC_CONFIG. Accessing the debug registers in this state hangs the AXI bus. The fix protects against this condition by managing the power state with pm_runtime_resume_and_get() and pm_runtime_put() calls around the debug register access (Kernel Commit).
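The guard pattern described above, as an added example that is not the kernel's code: a user-space C model of a register dump with and without a runtime-PM reference held, including the failed-resume path. The names model_dev, model_resume_and_get, model_put and the two dump functions are hypothetical, the register values are constructed, and the -ETIMEDOUT return stands in for the bus hang.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

/* User-space model (constructed), not kernel code. */
struct model_dev {
	int usage_count;    /* runtime-PM reference count */
	bool clock_on;      /* models the DVP clock gate */
	bool resume_fails;  /* injects a resume failure */
	uint32_t regs[4];   /* constructed register contents */
};

/* Models pm_runtime_resume_and_get(): a failed resume keeps no reference. */
static int model_resume_and_get(struct model_dev *d)
{
	if (d->resume_fails)
		return -EIO;
	d->usage_count++;
	d->clock_on = true;
	return 0;
}

/* Models pm_runtime_put(): the last reference lets the device suspend. */
static void model_put(struct model_dev *d)
{
	if (--d->usage_count == 0)
		d->clock_on = false;
}

/* Before the fix: no power-state check; -ETIMEDOUT stands in for the hang. */
int dump_regs_unguarded(const struct model_dev *d, uint32_t out[4])
{
	if (!d->clock_on)
		return -ETIMEDOUT;
	for (int i = 0; i < 4; i++)
		out[i] = d->regs[i];
	return 0;
}

/* After the fix: hold a runtime-PM reference for the whole dump. */
int dump_regs_guarded(struct model_dev *d, uint32_t out[4])
{
	int ret = model_resume_and_get(d);
	if (ret)
		return ret;  /* no put here: the reference was never kept */
	ret = dump_regs_unguarded(d, out);
	model_put(d);
	return ret;
}
```

The failed-resume branch returns without calling the put, which keeps the reference count balanced when the device cannot be woken.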
When exploited, this vulnerability causes a fatal system hang: reading the HDMI debug registers while the HDMI is disconnected stalls the system. The result is a denial-of-service condition that requires a system restart (NVD).
The issue has been fixed in various Linux kernel versions. The fix has been backported to multiple stable kernel branches. Debian has addressed this in version 6.1.6.1.128-1~deb11u1, Ubuntu has fixed it in version 6.11.0-18.18 for 24.10 (oracular), and other distributions have also released patches (Debian LTS, Ubuntu).
Source: This report was generated using AI