### [CVE-2024-57876](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57876)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=b30fcedeba643ca16eaa6212c1245598b7cd830d%3C%2094b33b2d7640e807869451384eb88321dd0ffbd4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:drm/dp_mst: Fix resetting msg rx state after topology removalIf the MST topology is removed during the reception of an MST down replyor MST up request sideband message, thedrm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be resetfrom one thread via drm_dp_mst_topology_mgr_set_mst(false), racing withthe reading/parsing of the message from another thread viadrm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race ispossible since the reader/parser doesn't hold any lock while accessingthe reception state. This in turn can lead to a memory corruption in thereader/parser as described by commit bd2fccac61b4 ("drm/dp_mst: Fix MSTsideband message body length check").Fix the above by resetting the message reception state if needed beforereading/parsing a message. Another solution would be to hold thedrm_dp_mst_topology_mgr::lock for the whole duration of the messagereception/parsing in drm_dp_mst_handle_down_rep() anddrm_dp_mst_handle_up_req(), however this would require a bigger change.Since the fix is also needed for stable, opting for the simpler solutionin this patch.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cve-scores