CVE-2024-57798
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's DisplayPort Multi-Stream Transport (DP-MST) subsystem. It allows a local attacker to cause a kernel crash (denial of service) or potentially execute arbitrary code with kernel privileges. Affects Linux systems with DP-MST enabled graphics hardware.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution.
Likely Case
Kernel crash causing system instability or denial of service requiring reboot.
If Mitigated
Limited to denial of service if kernel hardening features prevent code execution.
🎯 Exploit Status
Requires local access and knowledge of DP-MST subsystem. Race condition makes exploitation timing-sensitive.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 9735d40f5fde9970aa46e828ecc85c32571d58a2 or later
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable DP-MST functionality
LinuxDisable DisplayPort Multi-Stream Transport support in kernel or graphics driver
echo 'blacklist drm_kms_helper' > /etc/modprobe.d/disable-drm.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with DP-MST hardware
- Implement kernel hardening features like KASLR, SMEP, SMAP to reduce impact
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if DP-MST modules are loaded: 'uname -r' and 'lsmod | grep drm'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and check for presence of fix commits in kernel source📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages in /var/log/kern.log or dmesg
- System crashes/reboots
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("Oops" OR "general protection fault" OR "use-after-free") AND "drm_dp_mst"🔗 References
- https://git.kernel.org/stable/c/9735d40f5fde9970aa46e828ecc85c32571d58a2
- https://git.kernel.org/stable/c/ce55818b2d3a999f886af91679589e4644ff1dc8
- https://git.kernel.org/stable/c/e54b00086f7473dbda1a7d6fc47720ced157c6a8
- https://git.kernel.org/stable/c/f61b2e5e7821f868d6afc22382a66a30ee780ba0
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
