CVE-2024-35942

low-risk

Published 2024-05-19

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is disabled before HDMI/LCDIF probe, LCDIF will not get pixel clock from HDMI PHY and print the error logs: [CRTC:39:crtc-2] vblank wait timed out WARNING: CPU: 2 PID: 9 at drivers/gpu/drm/drm_atomic_helper.c:1634 drm_atomic_helper_wait_for_vblanks.part.0+0x23c/0x260 Add fdcc clock to LCDIF and HDMI TX power domains to fix the issue.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/697624ee8ad557ab5417f985d2c804241a7ad30d

Patch https://git.kernel.org/stable/c/9d3f959b426635c4da50dfc7b1306afd84d23e7c

Patch https://git.kernel.org/stable/c/b13c0d871cd878ff53d25507ca535f59ed1f6a2a

Patch https://git.kernel.org/stable/c/697624ee8ad557ab5417f985d2c804241a7ad30d

Patch https://git.kernel.org/stable/c/9d3f959b426635c4da50dfc7b1306afd84d23e7c

Patch https://git.kernel.org/stable/c/b13c0d871cd878ff53d25507ca535f59ed1f6a2a

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal