CVE-2024-35952 in Linux
Summary
by MITRE • 05/20/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/ast: Fix soft lockup
There is a while-loop in ast_dp_set_on_off() that could lead to an infinite loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by an MCU, named DPMCU, in the BMC.
These scratch registers are protected by scu-lock. If scu-lock is not off, DPMCU can not update these registers and then the host will have a soft lockup due to a never-updated status.
DPMCU is used to control DP and relative registers to handshake with the host's VGA driver. Even the most time-consuming task, DP's link training, is less than 100ms. 200ms should be enough.
Analysis
by VulDB Data Team • 09/23/2025
The vulnerability identified as CVE-2024-35952 is a critical soft lockup condition in the Linux kernel's display subsystem, specifically in the ast DRM driver. The flaw is in the ast_dp_set_on_off() function, where a while-loop polls a hardware register designated VGACRI-Dx until it reports a status change. The defect stems from a mismatch between how the driver treats the register and what it actually is: VGACRI-Dx is a scratch register written by a dedicated microcontroller unit (MCU), the DPMCU, located inside the Baseboard Management Controller (BMC). The driver reads it as a status indicator for its own hardware operation, but it is really a communication channel between host and BMC, so the host's progress depends entirely on another controller writing to it.
The failure is triggered through the SCU-lock mechanism that guards access to these shared scratch registers. While the SCU-lock is held, the DPMCU cannot update VGACRI-Dx, so the host's polling loop waits for a status change that never arrives. The result is an unbounded loop and a system soft lockup: the display subsystem stops responding while the kernel sits in a polling loop it cannot leave. This is especially concerning because the loop runs in kernel-level device driver code, outside any user-space protections, and so directly affects system stability and availability.
The operational impact goes beyond a simple hang to broader reliability concerns for systems that rely on the AST graphics driver, particularly servers and embedded systems where the display is used for monitoring and management. In normal operation the wait is short: DP link training, the slowest step, typically completes in less than 100 milliseconds, and the 200 millisecond budget adopted as a safety margin means the loop should terminate well within that window. When the lock condition holds, however, that natural termination never happens, leaving a persistent denial of service that compromises system availability and monitoring capability.
Mitigation must address the mismatch between the expected and actual behavior of the register by changing the polling logic to enforce a timeout and handle errors. The fix should bound the wait so the driver never polls indefinitely for an update, and should detect and report the case where the SCU-lock is preventing the expected update rather than silently spinning. From a compliance perspective, this vulnerability aligns with CWE-835, which addresses infinite loops and improper loop termination conditions, and relates to ATT&CK technique T1499.004, which covers network denial of service attacks through system resource exhaustion. Organizations should apply the kernel update promptly and consider monitoring for soft lockup symptoms that might indicate this or similar issues in other display subsystem components.
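As an added illustration of the bug and its fix, not code from the Linux kernel or from VulDB, the following simulates the host-side poll of the DPMCU-owned scratch register with and without a bound. The register bit, struct fields, poll interval and SCU-lock model are constructed stand-ins; only the 200 ms budget comes from the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the VGACRI-Dx scratch register: DPMCU (in the BMC)
 * writes it, the host driver only reads it. Bit layout is hypothetical. */
#define DP_STATUS_READY 0x01

struct sim_dp {
    bool scu_locked;         /* SCU-lock held: DPMCU cannot write the register */
    int updates_after_polls; /* DPMCU writes READY after this many host reads */
    uint8_t vgacri_dx;       /* simulated register contents */
    int polls;               /* host reads so far */
};

/* One host read. DPMCU only gets to update the register when SCU-lock is off. */
static uint8_t sim_read_vgacri_dx(struct sim_dp *dp)
{
    dp->polls++;
    if (!dp->scu_locked && dp->polls >= dp->updates_after_polls)
        dp->vgacri_dx |= DP_STATUS_READY;
    return dp->vgacri_dx;
}

/* The unbounded pattern the advisory describes: no exit if DPMCU never writes.
 * Never called here; kept only for contrast with the bounded version. */
__attribute__((unused))
static void wait_dp_ready_unbounded(struct sim_dp *dp)
{
    while (!(sim_read_vgacri_dx(dp) & DP_STATUS_READY))
        ; /* soft lockup: spins forever while SCU-lock stays on */
}

/* Bounded wait: returns polls used on success, -1 on timeout. Time is simulated,
 * each read costing poll_ms against a timeout_ms budget (200 ms per the page). */
static int wait_dp_ready_bounded(struct sim_dp *dp, int timeout_ms, int poll_ms)
{
    for (int elapsed = 0; elapsed < timeout_ms; elapsed += poll_ms) {
        if (sim_read_vgacri_dx(dp) & DP_STATUS_READY)
            return dp->polls;
    }
    return -1; /* DPMCU never updated: report the error instead of hanging */
}

int main(void)
{
    struct sim_dp ok = { .scu_locked = false, .updates_after_polls = 3 };
    struct sim_dp locked = { .scu_locked = true, .updates_after_polls = 3 };
    printf("unlocked: ready after %d polls\n", wait_dp_ready_bounded(&ok, 200, 10));
    printf("scu-locked: result %d (timeout)\n", wait_dp_ready_bounded(&locked, 200, 10));
    return 0;
}
```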