CVE-2024-40924 in Linux

Summary

by MITRE • 07/12/2024

In the Linux kernel, the following vulnerability has been resolved:

drm/i915/dpt: Make DPT object unshrinkable

In some scenarios, the DPT object gets shrunk but the actual framebuffer did not and thus it's still there on the DPT's vm->bound_list. Then it tries to rewrite the PTEs via a stale CPU mapping. This causes panic.

[vsyrjala: Add TODO comment]
(cherry picked from commit 51064d471c53dcc8eddd2333c3f1c1d9131ba36c)


Analysis

by VulDB Data Team • 10/07/2025

The vulnerability identified as CVE-2024-40924 resides within the Linux kernel's graphics subsystem, specifically affecting the Intel i915 driver's display port tunneling (DPT) implementation. This issue manifests in scenarios where the DPT object undergoes a shrinking operation while the associated framebuffer remains intact, creating a critical inconsistency in the virtual memory management structure. The problem occurs within the drm/i915/dpt subsystem, where the kernel's graphics driver manages display port tunneling operations for Intel graphics hardware. The vulnerability stems from improper synchronization between the DPT object's memory management and the framebuffer's actual state, leading to a dangerous condition where stale memory references persist in the virtual memory binding list.

The technical flaw involves a race condition or memory management inconsistency where the DPT object's virtual memory mapping becomes invalid while the underlying framebuffer data remains accessible and referenced in the vm->bound_list. This creates a scenario where the kernel attempts to rewrite page table entries using a CPU mapping that no longer corresponds to the actual memory layout, resulting in a kernel panic. The issue is particularly insidious because it occurs during memory management operations where the kernel expects consistent state between different memory objects. The vulnerability represents a classic case of improper resource management where the DPT object's shrinking operation fails to properly clean up all references to the associated memory mappings, violating fundamental memory management principles.

The operational impact of this vulnerability is severe as it can cause complete system crashes or panics in graphics-intensive applications or systems with active display port tunneling operations. This affects any system running the Linux kernel with Intel graphics hardware that utilizes display port tunneling functionality, potentially disrupting graphics rendering, video playback, and display management operations. The panic condition occurs when the kernel attempts to access memory through stale page table entries, which can lead to immediate system termination and loss of unsaved work. This vulnerability particularly impacts desktop systems, servers with graphics capabilities, and embedded systems using Intel graphics controllers, as it can be triggered through normal graphics operations involving display port tunneling.

The mitigation strategy involves ensuring that DPT objects are properly marked as unshrinkable during their lifecycle, preventing the inconsistent state described in the vulnerability. This aligns with CWE-129 which addresses improper validation of array indices and memory management inconsistencies. The fix implements a mechanism to prevent the DPT object from being shrunk when it contains active framebuffer references, ensuring proper memory management synchronization. System administrators should update to kernel versions containing the patched commit 51064d471c53dcc8eddd2333c3f1c1d9131ba36c, which addresses this issue by adding the necessary TODO comment and implementing the unshrinkable object protection. The solution follows ATT&CK technique T1068 by addressing privilege escalation through kernel memory management flaws, though this particular vulnerability affects system stability rather than access control. Organizations should prioritize this patch deployment in environments with Intel graphics hardware and active display port tunneling operations, particularly in server and workstation environments where system stability is critical.

Responsible

Linux

Reservation

07/12/2024

Disclosure

07/12/2024

Moderation

accepted

CPE

ready

EPSS

0.00284

KEV

no

Activities

very low
