CVE-2024-40926

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: don't attempt to schedule hpd_work on headless cards

If the card doesn't have display hardware, hpd_work and hpd_lock are left uninitialized which causes BUG when attempting to schedule hpd_work on runtime PM resume.

Fix it by adding headless flag to DRM and skip any hpd if it's set.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxae1aadb1eb8d3cbc52e42bee71d67bd4a71f9f07 < 227349998e5740f14d531b0f0d704e66b1ed3c2faffected
LinuxLinuxae1aadb1eb8d3cbc52e42bee71d67bd4a71f9f07 < b96a225377b6602299a03d2ce3c289b68cd41bb7affected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.9.6 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References