CVE-2024-57798

CVE-2024-57798 is a use-after-free and NULL pointer dereference vulnerability in the Linux kernel's Direct Rendering Manager (DRM) DisplayPort Multi-Stream Transport (DP MST) subsystem. The issue occurs in the drm_dp_mst_handle_up_req() function, where a race condition allows one thread to process an MST up request message while another thread removes the MST topology via drm_dp_mst_topology_mgr_set_mst(false). This frees the mst_primary structure and sets drm_dp_mst_topology_mgr::mst_primary to NULL, potentially leading to a NULL dereference or use-after-free when accessing mst_primary.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, such as kernel crashes, data corruption, or arbitrary code execution through the use-after-free condition (CWE-416) or NULL pointer dereference (CWE-476).

Mitigation involves applying kernel patches that ensure a reference to mst_primary is held during its use in drm_dp_mst_handle_up_req(), with an additional fix in version 2 to handle kfreeing of the request if reference acquisition fails. Relevant stable kernel commits include 9735d40f5fde, ce55818b2d3a, e54b00086f74, and f61b2e5e7821, available via kernel.org. Debian LTS users should refer to the announcement at lists.debian.org for updated packages.