CVE-2024-40926

MEDIUM

Linux kernel - Bug

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: don't attempt to schedule hpd_work on headless cards If the card doesn't have display hardware, hpd_work and hpd_lock are left uninitialized which causes BUG when attempting to schedule hpd_work on runtime PM resume. Fix it by adding headless flag to DRM and skip any hpd if it's set.

References (2)

[Patch] https://git.kernel.org/stable/c/227349998e5740f14d531b0f0d704e66b1ed3c2f

[Patch] https://git.kernel.org/stable/c/b96a225377b6602299a03d2ce3c289b68cd41bb7

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-908

Status published

Products (3)

linux/Kernel 6.7.0 - 6.9.6linux

linux/linux_kernel 6.10 rc1 (3 CPE variants)

linux/linux_kernel 6.7 - 6.9.6

Published Jul 12, 2024

Tracked Since Feb 18, 2026