CVE-2024-57799: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57799 is a vulnerability in the Linux kernel affecting the Rockchip Samsung HDMI/eDP Combo PHY driver. The issue was discovered when the rkhdptxphyruntimeresume() function could be invoked before platformsetdrvdata() is executed in the probe function, potentially leading to a NULL pointer dereference when using the return of devgetdrvdata(). The vulnerability affects Linux kernel versions from 6.9 up to (excluding) 6.12.8, as well as various 6.13 release candidates (rc1 through rc4) (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue is classified as a NULL Pointer Dereference (CWE-476) vulnerability. The technical root cause stems from incorrect ordering of operations in the driver initialization sequence, where runtime PM is enabled before the driver data is properly set (NVD, Kernel Patch).

The vulnerability can lead to a NULL pointer dereference in the Linux kernel's Rockchip Samsung HDMI/eDP Combo PHY driver, potentially causing system crashes or denial of service conditions. The impact is limited to systems using the affected hardware and driver combination (NVD).

The vulnerability has been fixed by ensuring platformsetdrvdata() is called before devmpmruntime_enable(). The fix has been implemented in the Linux kernel through patches that correct the initialization sequence. Users should update to Linux kernel version 6.12.8 or later to address this vulnerability (Kernel Patch).