CVE-2024-50004 in Linux
Summary
by MITRE • 10/21/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35
[WHY & HOW]
Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause grey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override to match HW spec.
(cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba)
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 03/22/2026
The vulnerability CVE-2024-50004 affects the Linux kernel's AMD display subsystem within the drm/amd/display driver component. This issue specifically targets the Display Memory Controller version 3.5 DML2 policy implementation that governs bandwidth validation and prefetch scheduling for display processing units. The flaw manifests as a critical mismatch in the hardware specification compliance where the software implementation fails to properly handle the EnhancedPrefetchScheduleAccelerationFinal parameter during bandwidth validation processes.
The technical root cause stems from an incorrect override of the EnhancedPrefetchScheduleAccelerationFinal value in the DCN35 DML2 policy implementation. This parameter controls how prefetch scheduling acceleration is applied during bandwidth validation checks for display processing pipes. When the software incorrectly overrides this value, it causes the bandwidth validation mechanism to attempt to acquire unexpected DPP (Display Processing Pipe) resources that do not align with the actual hardware capabilities. This misalignment creates a state where the display subsystem cannot properly allocate resources, leading to display corruption and system instability.
The operational impact of this vulnerability is severe and manifests as grey screen display artifacts combined with complete system hangs. The grey screen occurs because the display subsystem fails to properly initialize or maintain the display pipeline due to the incorrect prefetch scheduling parameters. System hangs result from the validation process becoming stuck in an inconsistent state where it cannot progress through the bandwidth allocation workflow. This vulnerability affects systems running Linux kernels with AMD graphics hardware that utilize DCN35 display controllers, particularly those implementing the drm/amd/display driver with the affected DML2 policy implementation.
The fix implemented addresses this issue by removing the incorrect override of the EnhancedPrefetchScheduleAccelerationFinal value to ensure compliance with the actual hardware specifications. This change aligns the software behavior with the documented DCN35 hardware requirements, allowing proper bandwidth validation to complete successfully and enabling correct DPP pipe allocation. The solution follows the established pattern of hardware specification compliance that is fundamental to display driver stability and proper resource management. This vulnerability demonstrates the critical importance of maintaining strict adherence to hardware specifications in graphics driver implementations, as even seemingly minor parameter overrides can lead to complete system failure and display corruption.
This vulnerability maps to CWE-1220 (Improper Validation of Specification Compliance) and represents a classic case of specification drift in hardware-software interface implementations. From an ATT&CK perspective, this issue could enable privilege escalation through system instability, potentially allowing attackers to disrupt display services or cause denial of service conditions. The fix approach aligns with the principle of hardware specification compliance that is essential for maintaining system stability in graphics processing environments. Organizations should prioritize applying this patch to systems utilizing AMD graphics hardware with DCN35 display controllers to prevent potential display corruption and system hang scenarios that could impact user productivity and system reliability.