{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-26941","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.197Z","datePublished":"2024-05-01T05:17:52.810Z","dateUpdated":"2025-05-04T09:00:17.192Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:00:17.192Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau\n\nFix a regression when using nouveau and unplugging a StarTech MSTDP122DP\nDisplayPort 1.2 MST hub (the same regression does not appear when using\na Cable Matters DisplayPort 1.4 MST hub). Trace:\n\n divide error: 0000 [#1] PREEMPT SMP PTI\n CPU: 7 PID: 2962 Comm: Xorg Not tainted 6.8.0-rc3+ #744\n Hardware name: Razer Blade/DANA_MB, BIOS 01.01 08/31/2018\n RIP: 0010:drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]\n Code: c6 b8 01 00 00 00 75 61 01 c6 41 0f af f3 41 0f af f1 c1 e1 04 48 63 c7 31 d2 89 ff 48 8b 5d f8 c9 48 0f af f1 48 8d 44 06 ff <48> f7 f7 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 45 31\n RSP: 0018:ffffb2c5c211fa30 EFLAGS: 00010206\n RAX: ffffffffffffffff RBX: 0000000000000000 RCX: 0000000000f59b00\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffb2c5c211fa48 R08: 0000000000000001 R09: 0000000000000020\n R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000023b4a\n R13: ffff91d37d165800 R14: ffff91d36fac6d80 R15: ffff91d34a764010\n FS:  00007f4a1ca3fa80(0000) GS:ffff91d6edbc0000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000559491d49000 CR3: 000000011d180002 CR4: 00000000003706f0\n Call Trace:\n  <TASK>\n  ? show_regs+0x6d/0x80\n  ? die+0x37/0xa0\n  ? do_trap+0xd4/0xf0\n  ? do_error_trap+0x71/0xb0\n  ? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]\n  ? exc_divide_error+0x3a/0x70\n  ? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]\n  ? asm_exc_divide_error+0x1b/0x20\n  ? drm_dp_bw_overhead+0xb4/0x110 [drm_display_helper]\n  ? drm_dp_calc_pbn_mode+0x2e/0x70 [drm_display_helper]\n  nv50_msto_atomic_check+0xda/0x120 [nouveau]\n  drm_atomic_helper_check_modeset+0xa87/0xdf0 [drm_kms_helper]\n  drm_atomic_helper_check+0x19/0xa0 [drm_kms_helper]\n  nv50_disp_atomic_check+0x13f/0x2f0 [nouveau]\n  drm_atomic_check_only+0x668/0xb20 [drm]\n  ? drm_connector_list_iter_next+0x86/0xc0 [drm]\n  drm_atomic_commit+0x58/0xd0 [drm]\n  ? __pfx___drm_printfn_info+0x10/0x10 [drm]\n  drm_atomic_connector_commit_dpms+0xd7/0x100 [drm]\n  drm_mode_obj_set_property_ioctl+0x1c5/0x450 [drm]\n  ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [drm]\n  drm_connector_property_set_ioctl+0x3b/0x60 [drm]\n  drm_ioctl_kernel+0xb9/0x120 [drm]\n  drm_ioctl+0x2d0/0x550 [drm]\n  ? __pfx_drm_connector_property_set_ioctl+0x10/0x10 [drm]\n  nouveau_drm_ioctl+0x61/0xc0 [nouveau]\n  __x64_sys_ioctl+0xa0/0xf0\n  do_syscall_64+0x76/0x140\n  ? do_syscall_64+0x85/0x140\n  ? do_syscall_64+0x85/0x140\n  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n RIP: 0033:0x7f4a1cd1a94f\n Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00\n RSP: 002b:00007ffd2f1df520 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00007ffd2f1df5b0 RCX: 00007f4a1cd1a94f\n RDX: 00007ffd2f1df5b0 RSI: 00000000c01064ab RDI: 000000000000000f\n RBP: 00000000c01064ab R08: 000056347932deb8 R09: 000056347a7d99c0\n R10: 0000000000000000 R11: 0000000000000246 R12: 000056347938a220\n R13: 000000000000000f R14: 0000563479d9f3f0 R15: 0000000000000000\n  </TASK>\n Modules linked in: rfcomm xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge stp llc ccm cmac algif_hash overlay algif_skcipher af_alg bnep binfmt_misc snd_sof_pci_intel_cnl snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda snd_sof snd_sof_utils snd_soc_acpi_intel_match snd_soc_acpi snd_soc_core snd_compress snd_sof_intel_hda_mlink snd_hda_ext_core iwlmvm intel_rapl_msr intel_rapl_common intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp mac80211 coretemp kvm_intel snd_hda_codec_hdmi kvm snd_hda_\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/display/drm_dp_helper.c"],"versions":[{"version":"c1d6a22b7219bd52c66e9e038a282ba79f04be1f","lessThan":"828862071a6ca0c52655e6e62ac7abfef3e5c578","status":"affected","versionType":"git"},{"version":"c1d6a22b7219bd52c66e9e038a282ba79f04be1f","lessThan":"9cbd1dae842737bfafa4b10a87909fa209dde250","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/display/drm_dp_helper.c"],"versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","status":"unaffected","versionType":"semver"},{"version":"6.8.3","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.8.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/828862071a6ca0c52655e6e62ac7abfef3e5c578"},{"url":"https://git.kernel.org/stable/c/9cbd1dae842737bfafa4b10a87909fa209dde250"}],"title":"drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:21:05.703Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/828862071a6ca0c52655e6e62ac7abfef3e5c578","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/9cbd1dae842737bfafa4b10a87909fa209dde250","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26941","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:45:45.826291Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:32:58.653Z"}}]}}