CVE-2024-40926

MEDIUM

Linux Kernel 6.7-6.9.5 - Use of Uninitialized Resource in Nouveau DRM HPD Work Scheduling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: don't attempt to schedule hpd_work on headless cards If the card doesn't have display hardware, hpd_work and hpd_lock are left uninitialized which causes BUG when attempting to schedule hpd_work on runtime PM resume. Fix it by adding headless flag to DRM and skip any hpd if it's set.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/227349998e5740f14d531b0f0d704e66b1ed3c2f

Patch

https://git.kernel.org/stable/c/b96a225377b6602299a03d2ce3c289b68cd41bb7

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-908

Status published

Products (9)

linux/Kernel 6.7.0 - 6.9.6linux

Linux/Linux < 6.7

Linux/Linux 6.10

Linux/Linux 6.7

Linux/Linux 6.9.6 - 6.9.*

Linux/Linux ae1aadb1eb8d3cbc52e42bee71d67bd4a71f9f07 - 227349998e5740f14d531b0f0d704e66b1ed3c2f

Linux/Linux ae1aadb1eb8d3cbc52e42bee71d67bd4a71f9f07 - b96a225377b6602299a03d2ce3c289b68cd41bb7

linux/linux_kernel 6.10 rc1 (3 CPE variants)

linux/linux_kernel 6.7 - 6.9.6

Published Jul 12, 2024

Tracked Since Feb 18, 2026