CVE-2024-57799 in Linux
Summary
by MITRE • 01/11/2025
In the Linux kernel, the following vulnerability has been resolved:
phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM
In some cases, rk_hdptx_phy_runtime_resume() may be invoked before platform_set_drvdata() is executed in ->probe(), leading to a NULL pointer dereference when using the return of dev_get_drvdata().
Ensure platform_set_drvdata() is called before devm_pm_runtime_enable().
Analysis
by VulDB Data Team • 01/25/2026
The vulnerability CVE-2024-57799 represents a critical race condition in the Linux kernel's Rockchip HDMI PHY driver implementation that can lead to system instability and potential denial of service conditions. This issue specifically affects the samsung-hdptx phy driver within the rockchip platform support code, where improper ordering of driver initialization sequences creates a window of opportunity for null pointer dereferences during runtime power management operations. The problem manifests when the runtime power management subsystem attempts to resume the phy device before the driver has properly established its private data structure, creating a fundamental timing issue that violates standard driver initialization protocols.
The technical flaw stems from a violation of proper driver initialization sequence where the platform_set_drvdata() function is called after devm_pm_runtime_enable(), creating a race condition that allows rk_hdptx_phy_runtime_resume() to execute before the driver data structure is properly established. This ordering issue directly maps to CWE-362, a classic race condition vulnerability where concurrent execution paths access shared resources without proper synchronization or initialization ordering. The driver's probe function fails to ensure that device driver data is available before enabling runtime power management, which is a fundamental violation of the Linux kernel's device model expectations and can result in unpredictable behavior when the system attempts to manage power states for the phy device.
The operational impact of this vulnerability extends beyond simple system crashes to potentially compromising overall system stability during power management transitions. When the runtime power management subsystem attempts to resume the HDMI phy device, it calls the runtime resume handler that expects valid driver data to be present in the device's driver data structure. However, due to the improper initialization order, dev_get_drvdata() returns NULL instead of the expected private data structure, resulting in immediate NULL pointer dereference and system crash. This vulnerability affects systems using Rockchip SoCs with HDMI phy functionality, particularly those implementing runtime power management features, and can be exploited by malicious actors to cause denial of service or potentially escalate privileges through carefully crafted power management operations.
Mitigation strategies for CVE-2024-57799 focus on correcting the driver initialization sequence to ensure proper ordering of platform_set_drvdata() before devm_pm_runtime_enable() is called. The fix requires modifying the probe function to establish driver data context before enabling runtime power management, which aligns with the ATT&CK technique T1490 for system network denial of service and addresses the fundamental driver development practice of proper resource initialization ordering. System administrators should ensure immediate patching of affected kernel versions, particularly those running on Rockchip-based platforms with HDMI phy support, and monitor for any related system instability or unexpected power management behavior. Additionally, the fix demonstrates the importance of following established kernel driver development patterns and the principle of proper initialization ordering that prevents race conditions in concurrent system operations, making it a critical update for embedded systems and devices relying on Rockchip SoC platforms.
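The two probe orderings described above, as an added userspace model in C (not code from the kernel driver or from this page). The model_* and probe_* names and the early_resume flag are assumptions for illustration, and the resume stand-in returns -1 where the real handler would dereference NULL.

```c
/* Userspace model of the probe-ordering bug; constructed, not kernel code. */
#include <stdio.h>

struct model_hdptx { int powered; };     /* stand-in for the driver's private data */
/* drvdata is what dev_get_drvdata() would return; resume_status is 0 when the
 * resume handler succeeded or never ran, -1 when it saw NULL drvdata. */
struct model_dev { void *drvdata; int resume_status; };

/* Stand-in for rk_hdptx_phy_runtime_resume(): reports NULL drvdata instead of
 * dereferencing it, so the outcome can be observed. */
static int model_runtime_resume(struct model_dev *dev)
{
    struct model_hdptx *hdptx = dev->drvdata;

    if (!hdptx)
        return -1;
    hdptx->powered = 1;
    return 0;
}

/* Stand-in for devm_pm_runtime_enable(). early_resume (assumption) models a
 * resume request arriving as soon as runtime PM is enabled. */
static void model_pm_runtime_enable(struct model_dev *dev, int early_resume)
{
    if (early_resume)
        dev->resume_status = model_runtime_resume(dev);
}

/* Vulnerable ordering: runtime PM is enabled before drvdata is set. */
int probe_pm_before_drvdata(int early_resume)
{
    static struct model_hdptx priv;
    struct model_dev dev = { 0 };

    model_pm_runtime_enable(&dev, early_resume);
    dev.drvdata = &priv;                 /* too late for an early resume */
    return dev.resume_status;
}

/* Fixed ordering: drvdata is set before runtime PM is enabled. */
int probe_drvdata_before_pm(int early_resume)
{
    static struct model_hdptx priv;
    struct model_dev dev = { 0 };

    dev.drvdata = &priv;
    model_pm_runtime_enable(&dev, early_resume);
    return dev.resume_status;
}

int main(void)
{
    printf("pm first: %d, drvdata first: %d\n",
           probe_pm_before_drvdata(1), probe_drvdata_before_pm(1));
    return 0;
}
```

With early_resume set to 0 both orderings return 0, which is why the defect stays latent until a resume lands inside the window.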