SB2024062214 - Use of uninitialized resource in Linux kernel gpu drm driver
Published: June 22, 2024 Updated: May 13, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2024-35927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the reschedule_output_poll_work() and EXPORT_SYMBOL() functions in drivers/gpu/drm/drm_probe_helper.c, and within the drm_mode_config_helper_suspend() and drm_mode_config_helper_resume() functions in drivers/gpu/drm/drm_modeset_helper.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/3d1b47e3a935abd4f258a945db87e7267ff4079c
- https://git.kernel.org/stable/c/18451798f4a4e7418b9fad7e7dd313fe84b1f545
- https://git.kernel.org/stable/c/5abffb66d12bcac84bf7b66389c571b8bb6e82bd
- https://git.kernel.org/stable/c/786c27982a39d79cc753f84229eb5977ac8ef1c1
- https://git.kernel.org/stable/c/4ad8d57d902fbc7c82507cfc1b031f3a07c3de6e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.94