CVE-2024-57798: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57798 is a vulnerability discovered in the Linux kernel affecting the DisplayPort Multi-Stream Transport (MST) functionality. The issue was identified in January 2025 and involves a potential NULL pointer dereference and use-after-free condition in the drmdpmsthandleup_req() function. The vulnerability affects multiple versions of the Linux kernel, including versions up to 6.1.123, versions from 6.2 up to 6.6.69, and versions from 6.7 up to 6.12.8 (NVD).

The vulnerability occurs in the Linux kernel's DisplayPort MST handling code. While receiving an MST up request message from one thread in drmdpmsthandleupreq(), the MST topology could be removed from another thread via drmdpmsttopologymgrsetmst(false), which frees mstprimary and sets drmdpmsttopologymgr::mstprimary to NULL. This race condition could lead to a NULL dereference or use-after-free of mstprimary in drmdpmsthandleup_req(). The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to local privilege escalation on affected systems. The high CVSS score indicates that successful exploitation could result in significant impacts to system confidentiality, integrity, and availability when exploited by an attacker with local access to the system (Ubuntu).

A fix has been developed that involves holding a reference for mstprimary in drmdpmsthandleupreq() while it's used. The patch ensures the mst_primary pointer remains valid throughout its usage by implementing proper reference counting. The fix has been incorporated into various Linux kernel versions and is being distributed through distribution-specific updates (Kernel Patch).