CVE-2024-56775
Published: 08 January 2025
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount, which can cause issues if the refcount of the plane changes in between backup and restore operations, such as memory leaks if the refcount was supposed to go down, or double frees / invalid memory accesses if the refcount was supposed to go up. [How] Cache and re-apply current refcount when restoring plane states.
Security Summary
CVE-2024-56775 is a vulnerability in the Linux kernel's drm/amd/display subsystem that affects the mechanism for backing up and restoring plane states. The issue arises because this mechanism fails to properly maintain reference counts (refcounts) on planes. If the refcount changes between backup and restore operations, it can lead to memory leaks when the refcount should decrease, or double frees and invalid memory accesses when it should increase. The vulnerability carries a CVSS v3.1 base score of 7.8 and is associated with CWE-401 (Memory Leak) and CWE-415 (Double Free).
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation allows high-impact consequences, including unauthorized disclosure of sensitive information, modification of data, and denial of service through system crashes or corruption, all within the unchanged security scope.
Kernel patches address the issue by caching the current refcount and re-applying it during plane state restoration. Relevant commits are available at https://git.kernel.org/stable/c/27227a234c1487cb7a684615f0749c455218833a and https://git.kernel.org/stable/c/8cb2f6793845f135b28361ba8e96901cae3e5790. Security practitioners should ensure affected Linux kernels are updated to incorporate these fixes.
Details
- CWE(s)