CVE-2024-46870

4.7 MEDIUM

📋 TL;DR

A race condition in the Linux kernel's AMD display driver for the DCN35 display architecture can cause system hangs when DMCUB processes commands more slowly than expected. It affects Linux systems with AMD graphics hardware that uses the DCN35 display architecture. Triggering the vulnerability requires local access.

💻 Affected Systems

Products:
  • Linux kernel with AMD display driver
Versions: Linux kernel versions containing the vulnerable DCN35 DMCUB timeout code
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with AMD graphics hardware using DCN35 architecture. Requires IPS (Idle Power Saving) feature to be enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: System becomes unresponsive and requires hard reboot, potentially causing data loss or service disruption.

🟠 Likely Case: Intermittent display glitches or temporary system freezes during graphics-intensive operations.

🟢 If Mitigated: Minor performance impact with diagnostic logging but no system hangs.

🌐 Internet-Facing: LOW - Requires local access to trigger, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users or processes with graphics access could trigger system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific race condition timing during DMCUB command processing. Not trivial to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 31c254c9cd4b122a10db297124f867107a696d83 or 7c70e60fbf4bff1123f0e8d5cb1ae71df6164d7f

Vendor Advisory: https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. Reboot system.
3. Verify kernel version with 'uname -r'.

🔧 Temporary Workarounds

Disable IPS feature

linux

Disable Idle Power Saving feature to prevent the race condition

echo 0 > /sys/class/drm/card*/device/power_dpm_force_performance_level

🧯 If You Can't Patch

  • Avoid graphics-intensive applications that may trigger DMCUB timeouts
  • Monitor system for display-related hangs and have reboot procedures ready

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the system uses AMD graphics with the DCN35 architecture. Run 'lspci | grep -i amd' and 'uname -r'.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel source tree contains the fix commit: 'git log --format=%H | grep -i "31c254c9cd4b122a10db297124f867107a696d83"'

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing DMCUB timeout errors
  • System hang events in system logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("DMCUB" OR "timeout" OR "display")
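The SIEM query above fires on any kernel line containing "timeout" or "display". The following added example (not part of the original advisory) compares it with a narrower rule that requires an amdgpu line mentioning DMCUB together with a failure keyword; the log lines, host names and message wording are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `journalctl -k -o short-iso` layout. The message
# wording is illustrative, not captured from an affected system.
SAMPLE_LOG = """\
2024-10-02T09:14:01+0000 host1 kernel: usb 1-2: control transfer timeout
2024-10-02T09:14:07+0000 host1 kernel: amdgpu 0000:c1:00.0: [drm] *ERROR* DMCUB command timeout
2024-10-02T09:14:07+0000 host1 kernel: amdgpu 0000:c1:00.0: [drm] DMCUB diagnostic: rptr=0x40 wptr=0x80
2024-10-02T09:15:30+0000 host1 kernel: amdgpu 0000:c1:00.0: [drm] display connected on DP-1
2024-10-02T09:20:44+0000 host2 kernel: amdgpu 0000:03:00.0: [drm] *ERROR* DMCUB timed out waiting for idle
2024-10-02T09:21:02+0000 host2 kernel: nvme nvme0: I/O timeout, resetting controller
2024-10-02T09:21:09+0000 host2 kernel: EXT4-fs (nvme0n1p2): mounted filesystem
"""

LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+kernel:\s+(?P<msg>.*)$")
# The advisory's query: any one of the three keywords is enough.
BROAD = re.compile(r"DMCUB|timeout|display", re.I)
# Failure wording: "timeout", "timed out", "hang..." or a DRM *ERROR* tag.
FAILURE = re.compile(r"\btime(?:d\s+)?out\b|\bhang|\*ERROR\*", re.I)


def kernel_messages(log):
    """Yield (host, message) for every line that parses as a kernel entry."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield m["host"], m["msg"]


def broad_hits(log):
    """Messages the original OR-query would return."""
    return [msg for _, msg in kernel_messages(log) if BROAD.search(msg)]


def dmcub_timeouts(log):
    """Per-host count of amdgpu lines that name DMCUB and report a failure."""
    hits = Counter()
    for host, msg in kernel_messages(log):
        lowered = msg.lower()
        if "amdgpu" in lowered and "dmcub" in lowered and FAILURE.search(msg):
            hits[host] += 1
    return hits


if __name__ == "__main__":
    print("broad query hits:", len(broad_hits(SAMPLE_LOG)))
    print("DMCUB failures per host:", dict(dmcub_timeouts(SAMPLE_LOG)))
```

Feeding it the output of `journalctl -k -o short-iso` from hosts with DCN35 hardware gives a per-host count that can be alerted on without the USB, NVMe and hotplug noise the broad query picks up.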
