CVE-2024-57919: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2024-57919) was discovered in the AMD display driver where the dmgetplanescale function failed to handle cases when plane scaled size equals zero, leading to a kernel oops due to division by zero. This issue was introduced with the cursor overlay mode feature that uses this function to assess cursor mode changes via dmcrtcgetcursor_mode() before checking plane state. The vulnerability was discovered on January 19, 2025, affecting Linux kernel versions from 6.11 up to (excluding) 6.12.10 (NVD).

The vulnerability occurs in the dmgetplanescale function within the AMD display driver (drm/amd/display). The function performs division operations without checking if the divisor (planesrcw or planesrch) is zero, which can lead to a division by zero error. The issue manifests when calculating plane scale values using the formula 'planestate->crtcw * 1000 / planesrcw' and 'planestate->crtch * 1000 / planesrc_h'. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability causes a kernel oops due to division by zero, which can lead to system instability or denial of service. The issue particularly affects systems using AMD graphics with the amdgpu driver when handling cursor overlay mode operations (Kernel Patch).

The issue has been fixed by modifying the dmgetplanescale function to check for zero values before performing division operations. The fix sets the out-scale size to zero when the destination size is zero, similar to the approach used in drmcalc_scale(). The patch has been merged into the Linux kernel and is available in updated versions (Kernel Patch).