CVE-2024-57950: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57950 affects the Linux kernel's AMD display driver, specifically related to denominator initialization in the drm/amd/display component. The vulnerability was discovered through Coverity scanning and reported in February 2025. The issue affects Linux kernel versions up to 6.12.12 and various release candidates of version 6.13 (NVD).

The vulnerability stems from uninitialized variables used as denominators in calculations within the AMD display driver (drm/amd/display). The affected code is in the CalculateBytePerPixelAndBlockSizes function where BytePerPixelY and BytePerPixelC variables were initialized to 0, potentially causing divide-by-zero errors. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on availability (NVD).

The vulnerability could lead to divide-by-zero errors in the AMD display driver, potentially causing system crashes or denial of service conditions. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been patched by initializing the denominator variables to 1 instead of 0. The fix was implemented in commit e2c4c6c10542ccfe4a0830bb6c9fd5b177b7bbb7 and backported to stable kernel versions. Users should update to Linux kernel version 6.12.12 or later to address this vulnerability (Kernel Patch).