FKIE_CVE-2024-35952

Vulnerability from fkie_nvd - Published: 2024-05-20 10:15 - Updated: 2025-09-23 16:44
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by a MCU, named DPMCU, in BMC. These scratch registers are protected by scu-lock. If suc-lock is not off, DPMCU can not update these registers and then host will have soft lockup due to never updated status. DPMCU is used to control DP and relative registers to handshake with host's VGA driver. Even the most time-consuming task, DP's link training, is less than 100ms. 200ms should be enough.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/35768baf0fdfc47ede42d899506bad78450e9294Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8a6fea3fcb577a543ef67683ca7105bde49a38fbPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a81b2acd43e24e419f65df97348c76a5a1496066Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/bc004f5038220b1891ef4107134ccae44be55109Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/35768baf0fdfc47ede42d899506bad78450e9294Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8a6fea3fcb577a543ef67683ca7105bde49a38fbPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a81b2acd43e24e419f65df97348c76a5a1496066Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/bc004f5038220b1891ef4107134ccae44be55109Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.9
linux linux_kernel 6.9
linux linux_kernel 6.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72E24285-1FBF-4A9D-9065-B0FB0D51A0AA",
              "versionEndExcluding": "6.1.87",
              "versionStartIncluding": "5.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6315B0-B3BA-406C-B0DB-51D9A63753F0",
              "versionEndExcluding": "6.6.28",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "531BDFB5-EF6A-4707-902E-146368303499",
              "versionEndExcluding": "6.8.7",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ast: Fix soft lockup\n\nThere is a while-loop in ast_dp_set_on_off() that could lead to\ninfinite-loop. This is because the register, VGACRI-Dx, checked in\nthis API is a scratch register actually controlled by a MCU, named\nDPMCU, in BMC.\n\nThese scratch registers are protected by scu-lock. If suc-lock is not\noff, DPMCU can not update these registers and then host will have soft\nlockup due to never updated status.\n\nDPMCU is used to control DP and relative registers to handshake with\nhost\u0027s VGA driver. Even the most time-consuming task, DP\u0027s link\ntraining, is less than 100ms. 200ms should be enough."
    },
    {
      "lang": "es",
      "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/ast: corrige el bloqueo suave. Hay un bucle while en ast_dp_set_on_off() que podr\u00eda generar un bucle infinito. Esto se debe a que el registro, VGACRI-Dx, marcado en esta API es un registro temporal en realidad controlado por una MCU, denominada DPMCU, en BMC. Estos registros de scratch est\u00e1n protegidos por scu-lock. Si suc-lock no est\u00e1 desactivado, DPMCU no puede actualizar estos registros y luego el host tendr\u00e1 un bloqueo suave debido a que el estado nunca se actualiz\u00f3. DPMCU se utiliza para controlar DP y los registros relativos al protocolo de enlace con el controlador VGA del host. Incluso la tarea que consume m\u00e1s tiempo, el entrenamiento de enlaces de DP, dura menos de 100 ms. 200 ms deber\u00edan ser suficientes."
    }
  ],
  "id": "CVE-2024-35952",
  "lastModified": "2025-09-23T16:44:35.963",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-20T10:15:10.643",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/35768baf0fdfc47ede42d899506bad78450e9294"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8a6fea3fcb577a543ef67683ca7105bde49a38fb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a81b2acd43e24e419f65df97348c76a5a1496066"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/bc004f5038220b1891ef4107134ccae44be55109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/35768baf0fdfc47ede42d899506bad78450e9294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8a6fea3fcb577a543ef67683ca7105bde49a38fb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a81b2acd43e24e419f65df97348c76a5a1496066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/bc004f5038220b1891ef4107134ccae44be55109"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-667"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.