CVE-2024-57799

5.5 MEDIUM

📋 TL;DR

A race condition in the Linux kernel's Rockchip Samsung HDPTX PHY driver can cause a NULL pointer dereference during device initialization. This vulnerability affects Linux systems using Rockchip hardware with the affected driver. The issue occurs when runtime power management resumes before driver data is properly set.

💻 Affected Systems

Products:
  • Linux kernel with Rockchip Samsung HDPTX PHY driver
Versions: Linux kernel versions containing the vulnerable driver code before the fix
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Rockchip hardware using the samsung-hdptx PHY driver. Requires the specific hardware and driver combination.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, potentially requiring physical access to reboot the system.

🟠 Likely Case: System instability or crash during device initialization, particularly when devices are suspended/resumed during boot or hotplug events.

🟢 If Mitigated: No impact if the race condition doesn't occur; system operates normally with proper driver initialization sequence.

🌐 Internet-Facing: LOW - This is a local kernel driver issue requiring physical or local access to trigger.
🏢 Internal Only: MEDIUM - Could be exploited by local users or through automated system management processes that trigger device resets.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the race condition during device initialization, which may be difficult to reliably reproduce. Requires local access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits 7061849a4a1752a06944a819dd1f7bfd58df7383 and 9d23e48654620fdccfcc74cc2cef04eaf7353d07

Vendor Advisory: https://git.kernel.org/stable/c/7061849a4a1752a06944a819dd1f7bfd58df7383

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits.
2. Rebuild kernel if compiling from source.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable runtime PM for affected driver

linux

Prevent runtime power management for the samsung-hdptx driver to avoid the race condition

echo 'options rockchip_hdptx_phy runtime_pm=0' > /etc/modprobe.d/rockchip-hdptx.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Avoid hotplugging or resetting Rockchip HDPTX devices while system is running
  • Monitor system logs for kernel panic events and have recovery procedures ready

🔍 How to Verify

Check if Vulnerable:

Check if system uses Rockchip hardware and has the samsung-hdptx driver loaded: lsmod | grep hdptx

Check Version:

uname -r

Verify Fix Applied:

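Check that the kernel contains one of the fix commits. /proc/version and uname -r do not carry commit hashes, so run the check in the git tree the kernel was built from (exit status 0 means the fix is present): git merge-base --is-ancestor 7061849a4a1752a06944a819dd1f7bfd58df7383 HEAD || git merge-base --is-ancestor 9d23e48654620fdccfcc74cc2cef04eaf7353d07 HEAD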

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference errors in dmesg
  • Driver initialization failures

Network Indicators:

  • None - this is a local kernel issue

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "hdptx")
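
The keyword query above fires on any NULL pointer oops and on any benign hdptx message. As an added example (not part of the original advisory), this shell filter counts only oops blocks that are a NULL pointer dereference and mention hdptx before the trace ends. The function names and the sample log are constructed for illustration, and the symbol names in the sample are assumptions.

```shell
#!/bin/sh
# Added example: count oops blocks that are BOTH a NULL pointer dereference
# AND carry an hdptx symbol or device name before the trace ends.
# Real use: dmesg | hdptx_oops_count   (or feed it a saved kernel log)

hdptx_oops_count() {
    awk '
        # Oops header opens a block (wording differs by arch; match the phrase).
        /NULL pointer dereference/ { in_oops = 1; hit = 0; next }
        # First hdptx mention inside an open block attributes it to the PHY driver.
        in_oops && !hit && tolower($0) ~ /hdptx/ { hit = 1; count++ }
        # End-of-trace marker closes the block.
        /---\[ end trace/ { in_oops = 0 }
        END { print count + 0 }
    '
}

# Constructed sample log (not captured from a real system; symbol names are
# illustrative assumptions).
sample_log() {
    cat <<'EOF'
[    1.200000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[    1.200100] Call trace:
[    1.200200]  rk_hdptx_phy_runtime_resume+0x1c/0x60
[    1.200300]  pm_generic_runtime_resume+0x2c/0x44
[    1.200400] ---[ end trace 0000000000000000 ]---
[    5.000000] example-hdptx-phy: informational message outside any oops
[    9.000000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[    9.000100] Call trace:
[    9.000200]  some_other_driver_probe+0x10/0x80
[    9.000300] ---[ end trace 0000000000000000 ]---
EOF
}

# Lines the broad keyword query would flag, for comparison.
keyword_hits() { grep -Eic 'NULL pointer dereference|kernel panic|hdptx'; }

echo "keyword hits: $(sample_log | keyword_hits)"
echo "hdptx-attributed oopses: $(sample_log | hdptx_oops_count)"
```

On the sample, the keyword match flags four lines while the block filter reports the single oops whose trace passes through the PHY driver.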
