CVE-2024-50004 is a vulnerability identified in the Linux kernel specifically affecting the Direct Rendering Manager (DRM) subsystem for AMD graphics hardware. The issue lies within the Display Microarchitecture Layer 2 (DML2) policy implementation for the DCN35 display engine. The vulnerability arises due to a mismatch in the DML2 policy that causes bandwidth validation failures. This failure leads to the unexpected acquisition of a Display Pipe Processor (DPP) pipe resource, which in turn results in a grey screen and system hang conditions. The root cause is an override of the EnhancedPrefetchScheduleAccelerationFinal parameter that does not align with the hardware specifications, causing the bandwidth validation logic to malfunction. The fix involves removing this override to ensure the policy matches the hardware spec, thereby preventing the system from entering an unstable state. This vulnerability affects specific Linux kernel versions identified by the commit hash 7966f319c66d9468623c6a6a017ecbc0dd79be75. Although no known exploits are currently reported in the wild, the issue can cause denial of service through system hangs and display failures on affected AMD GPU configurations running Linux kernels with the vulnerable code.

For European organizations, this vulnerability primarily impacts systems running Linux kernels with AMD graphics hardware that utilize the affected DRM driver code. The impact manifests as system instability, including grey screens and system hangs, which can disrupt business operations, especially in environments relying on Linux-based workstations or servers with graphical interfaces. Industries such as media production, scientific research, and any sector using Linux desktops or graphical applications with AMD GPUs may experience productivity losses. Additionally, critical infrastructure or industrial control systems using Linux with AMD graphics could face operational disruptions. While this vulnerability does not directly lead to data breaches or privilege escalation, the denial of service effect can cause significant downtime and operational impact. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or targeted triggering of the issue.

European organizations should promptly update their Linux kernels to versions that include the patch removing the EnhancedPrefetchScheduleAccelerationFinal override in the DRM AMD display driver. Kernel updates should be sourced from trusted Linux distribution maintainers or directly from the Linux kernel mainline if applicable. Organizations should audit their systems to identify those running AMD GPUs with the affected kernel versions and prioritize patching these systems. For environments where immediate patching is not feasible, consider disabling or limiting graphical workloads that rely on the affected DRM driver to reduce exposure. Monitoring system logs for signs of display-related errors or system hangs can help detect attempts to trigger the vulnerability. Additionally, organizations should maintain robust backup and recovery procedures to mitigate the impact of potential system hangs or crashes. Coordination with hardware vendors for firmware updates or driver patches may also be beneficial if further mitigations become available.