CVE-2024-36024 in Linux
Summary
by MITRE • 05/30/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Disable idle reallow as part of command/gpint execution
[Why]
Workaroud for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and touch the INBOX1 RPTR causing a HW hang.
[How]
Disable the reallow to ensure that we have enough of a gap between entry and exit and we're not seeing back-to-back wake_and_executes.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 09/30/2025
The vulnerability CVE-2024-36024 addresses a critical race condition within the AMD display subsystem of the Linux kernel's direct rendering manager framework. This issue specifically affects the display microcontroller unit backend communication mechanism that handles display power management states. The flaw manifests when the Display Microcontroller Unit Backend (DMCUB) is in the process of committing changes to the IPS1 state during a handshake operation, creating a timing window where the system fails to properly transition to the IPS2 state. This mismanagement results in improper handling of the INBOX1 read pointer, ultimately leading to hardware hangs that can severely impact system stability and display functionality.
The technical implementation of this vulnerability resides in the drm/amd/display subsystem where command and general purpose interrupt (GPINT) execution flows are managed. When DMCUB attempts to commit to IPS1 state during handshake operations, the timing coordination between different hardware components becomes compromised. The race condition occurs because the system does not properly synchronize the transition sequence, causing the hardware state machine to miss critical state transitions. This results in the INBOX1 register pointer being incorrectly touched or manipulated, which triggers a hardware hang condition that requires manual intervention or system reboot to resolve.
From an operational impact perspective, this vulnerability represents a significant threat to systems utilizing AMD graphics hardware in desktop and server environments. The hardware hang condition can cause complete display subsystem failures, potentially leading to system lockups or crashes that affect user productivity and system reliability. The issue is particularly concerning in enterprise environments where display stability is critical for remote desktop sessions, virtualized workloads, or multi-monitor configurations. The race condition nature of the vulnerability means it may be intermittent and difficult to reproduce consistently, making it challenging to detect and remediate in production environments.
The mitigation strategy implemented in the kernel fix involves disabling the reallow functionality during command and GPINT execution phases. This approach ensures sufficient temporal separation between entry and exit operations, preventing the occurrence of back-to-back wake_and_execute operations that contribute to the race condition. By introducing this gap in the execution flow, the system maintains proper state transition timing and prevents the hardware from entering an inconsistent state that would trigger the hang condition. This solution aligns with the common security principle of introducing temporal barriers to prevent race conditions, and it follows established practices for managing hardware synchronization issues in kernel-level display drivers. The fix addresses the underlying CWE-367 weakness related to time-of-check to time-of-use vulnerabilities and helps prevent potential exploitation through denial-of-service vectors that could be leveraged by malicious actors to disrupt display functionality.