CVE-2024-57799 is a vulnerability identified in the Linux kernel, specifically affecting the Rockchip platform driver for the Samsung HDPTX PHY (physical layer). The issue arises due to a race condition in the driver initialization sequence. The function rk_hdptx_phy_runtime_resume() can be called before the platform driver has set its driver-specific data pointer via platform_set_drvdata() during the probe() phase. This leads to a NULL pointer dereference when dev_get_drvdata() is called, as the driver data has not yet been initialized. The consequence is a potential kernel crash (denial of service) due to the NULL pointer dereference. The root cause is the improper ordering of runtime power management (PM) enablement and driver data setup; runtime PM is enabled before the driver data pointer is assigned, allowing runtime resume callbacks to occur prematurely. The fix involves ensuring that platform_set_drvdata() is called before devm_pm_runtime_enable(), guaranteeing that the driver data pointer is valid before any runtime PM callbacks can be invoked. This vulnerability is specific to the Rockchip Samsung HDPTX PHY driver in the Linux kernel and does not appear to have known exploits in the wild at the time of publication. No CVSS score has been assigned yet, and the vulnerability was published on January 11, 2025.

For European organizations, the impact of CVE-2024-57799 primarily involves systems running Linux kernels with the affected Rockchip Samsung HDPTX PHY driver. This is likely to be embedded or specialized hardware using Rockchip SoCs, which are common in certain IoT devices, industrial equipment, and some consumer electronics. The vulnerability can cause kernel crashes due to NULL pointer dereferences, leading to denial of service conditions. In critical infrastructure or industrial control systems using affected hardware, this could result in operational disruptions. While the vulnerability does not directly lead to privilege escalation or data leakage, the denial of service can interrupt services, potentially affecting availability of critical systems. Since no known exploits exist yet, the immediate risk is moderate, but the vulnerability could be leveraged in targeted attacks against embedded Linux devices. European organizations relying on embedded Linux devices with Rockchip hardware in sectors like manufacturing, telecommunications, or smart city infrastructure should be aware of this risk.

To mitigate CVE-2024-57799, organizations should: 1) Apply the latest Linux kernel patches that address this issue, ensuring the platform_set_drvdata() call precedes devm_pm_runtime_enable() in the Rockchip Samsung HDPTX PHY driver code. 2) For embedded devices or appliances using Rockchip SoCs, coordinate with hardware vendors or device manufacturers to obtain firmware or kernel updates incorporating this fix. 3) Implement runtime monitoring for kernel crashes or unexpected reboots that could indicate exploitation attempts. 4) Limit exposure of affected devices to untrusted networks to reduce the risk of remote triggering of the vulnerability. 5) For critical systems, consider deploying kernel hardening features and runtime integrity checks to detect anomalous behavior. 6) Maintain an inventory of devices using Rockchip hardware and Linux kernels to prioritize patching and risk assessment. 7) Engage with Linux distribution maintainers or embedded system vendors to track patch availability and deployment schedules.