CVE-2024-57798

Name	CVE-2024-57798
Description	In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() While receiving an MST up request message from one thread in drm_dp_mst_handle_up_req(), the MST topology could be removed from another thread via drm_dp_mst_topology_mgr_set_mst(false), freeing mst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL. This could lead to a NULL deref/use-after-free of mst_primary in drm_dp_mst_handle_up_req(). Avoid the above by holding a reference for mst_primary in drm_dp_mst_handle_up_req() while it's used. v2: Fix kfreeing the request if getting an mst_primary reference fails.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-4076-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	vulnerable
	bullseye (security)	5.10.234-1	vulnerable
	bookworm	6.1.129-1	fixed
	bookworm (security)	6.1.133-1	fixed
	trixie	6.12.21-1	fixed
	sid	6.12.22-1	fixed
linux-6.1 (PTS)	bullseye (security)	6.1.129-1~deb11u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
linux	source	bookworm	6.1.123-1
linux	source	(unstable)	6.12.8-1
linux-6.1	source	bullseye	6.1.128-1~deb11u1	DLA-4076-1

https://git.kernel.org/linus/e54b00086f7473dbda1a7d6fc47720ced157c6a8 (6.13-rc2)