CVE-2024-26916 in Linuxinfo

Summary

by MITRE • 04/17/2024

In the Linux kernel, the following vulnerability has been resolved:

Revert "drm/amd: flush any delayed gfxoff on suspend entry"

commit ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring callbacks") caused GFXOFF control to be used more heavily and the codepath that was removed from commit 0dee72639533 ("drm/amd: flush any delayed gfxoff on suspend entry") now can be exercised at suspend again.

Users report that by using GNOME to suspend the lockscreen trigger will cause SDMA traffic and the system can deadlock.

This reverts commit 0dee726395333fea833eaaf838bc80962df886c8.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 09/16/2025

The vulnerability CVE-2024-26916 represents a critical regression in the Linux kernel's AMD graphics driver implementation that affects system stability during suspend operations. This issue specifically impacts the amdgpu driver component within the Direct Rendering Manager subsystem, where the removal of a previously implemented GFXOFF (Graphics Off) flush mechanism during suspend entry has created a deadlock condition. The root cause stems from the interaction between two kernel commits where the second commit ab4750332dbe introduced new SDMA (System Direct Memory Access) ring callbacks that increased reliance on GFXOFF control mechanisms. When the system enters suspend mode, the delayed GFXOFF handling that was previously removed in commit 0dee726395333fea833eaaf838bc80962df886c8 has now become active again, creating a scenario where SDMA traffic continues to flow through the system. This particular codepath was designed to handle delayed GFXOFF operations but was inadvertently removed during earlier development phases, only to be reintroduced in a manner that creates system instability.

The operational impact of this vulnerability manifests primarily during system suspend operations when users attempt to lock their screens through desktop environments like GNOME. The specific trigger involves the lockscreen functionality causing SDMA traffic to persist during suspend, which leads to a system deadlock condition where the kernel cannot properly transition to the suspended state. This creates a denial of service scenario where users experience complete system hangs, requiring forced power cycling to recover. The vulnerability affects systems with AMD graphics hardware that utilize the amdgpu driver, particularly those running recent Linux kernel versions where the problematic commits have been integrated. The issue demonstrates a classic case of regression testing failure where changes in one component inadvertently break functionality in another related component, creating unexpected behavior in the system's power management subsystem.

This vulnerability aligns with CWE-691, which describes insufficient control flow management, specifically in the context of power management and system state transitions. The issue also maps to ATT&CK technique T1490, which covers execution through system binary proxies, as the vulnerability exploits the normal system suspend mechanism to create an unintended execution path that leads to deadlock conditions. The problem represents a failure in the kernel's power management subsystem to properly coordinate between graphics hardware state management and system suspend operations. The reversion of commit 0dee726395333fea833eaaf838bc80962df886c8 is the recommended mitigation, which restores the previously removed GFXOFF flush mechanism during suspend entry. This fix addresses the core issue by ensuring that all pending GFXOFF operations are properly flushed before system suspension begins, preventing the SDMA traffic from continuing during the suspend transition. The fix also emphasizes the importance of maintaining proper coordination between hardware state management and system power management operations, particularly when dealing with complex graphics subsystems that require careful handling of GPU state transitions.

The technical complexity of this vulnerability highlights the challenges inherent in modern graphics driver development where multiple subsystems must work in harmony during system state transitions. The issue demonstrates how seemingly isolated changes in kernel code can have cascading effects throughout the system's power management architecture, particularly when dealing with hardware that supports dynamic power states like GFXOFF. The vulnerability's manifestation through GNOME's lockscreen functionality indicates that desktop environment integration with kernel power management is also a critical factor in triggering the condition. This represents a typical scenario where user interaction with system services can expose underlying kernel implementation flaws, making proper testing of user-facing features critical for identifying such regressions. The fix requires careful attention to ensure that the restored GFXOFF handling mechanism properly coordinates with other power management components while avoiding performance regressions in normal operation scenarios.

Reservation

02/19/2024

Disclosure

04/17/2024

Moderation

accepted

CPE

ready

EPSS

0.00171

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!