{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T04:21:14.571","vulnerabilities":[{"cve":{"id":"CVE-2024-46850","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-09-27T13:15:16.787","lastModified":"2024-10-04T15:30:32.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()\n\ndc_state_destruct() nulls the resource context of the DC state. The pipe\ncontext passed to dcn35_set_drr() is a member of this resource context.\n\nIf dc_state_destruct() is called parallel to the IRQ processing (which\ncalls dcn35_set_drr() at some point), we can end up using already nulled\nfunction callback fields of struct stream_resource.\n\nThe logic in dcn35_set_drr() already tries to avoid this, by checking tg\nagainst NULL. But if the nulling happens exactly after the NULL check and\nbefore the next access, then we get a race.\n\nAvoid this by copying tg first to a local variable, and then use this\nvariable for all the operations. This should work, as long as nobody\nfrees the resource pool where the timing generators live.\n\n(cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5)"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Evitar la ejecución entre dcn35_set_drr() y dc_state_destruct() dc_state_destruct() anula el contexto de recurso del estado del DC. El contexto de tubería pasado a dcn35_set_drr() es un miembro de este contexto de recurso. Si se llama a dc_state_destruct() en paralelo al procesamiento de IRQ (que llama a dcn35_set_drr() en algún momento), podemos terminar usando campos de devolución de llamada de función ya anulados de struct stream_resource. La lógica en dcn35_set_drr() ya intenta evitar esto, al comprobar tg contra NULL. Pero si la anulación ocurre exactamente después de la comprobación de NULL y antes del siguiente acceso, entonces obtenemos una ejecución. Evite esto copiando tg primero a una variable local y luego use esta variable para todas las operaciones. Esto debería funcionar, siempre y cuando nadie libere el grupo de recursos donde se encuentran los generadores de tiempo. (seleccionado de el commit 0607a50c004798a96e62c089a4c34c220179dcb5)"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.10.11","matchCriteriaId":"F5DB5367-F1F5-4200-B3B3-FDF8AFC3D255"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*","matchCriteriaId":"8B3CE743-2126-47A3-8B7C-822B502CF119"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*","matchCriteriaId":"4DEB27E7-30AA-45CC-8934-B89263EF3551"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*","matchCriteriaId":"E0005AEF-856E-47EB-BFE4-90C46899394D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*","matchCriteriaId":"39889A68-6D34-47A6-82FC-CD0BF23D6754"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*","matchCriteriaId":"B8383ABF-1457-401F-9B61-EE50F4C61F4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*","matchCriteriaId":"B77A9280-37E6-49AD-B559-5B23A3B1DC3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*","matchCriteriaId":"DE5298B3-04B4-4F3E-B186-01A58B5C75A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/42850927656a540428e58d370b3c1599a617bac7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e835d5144f5ef78e4f8828c63e2f0d61144f283a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}