PT-2024-35572 · Linux+5 · Linux Kernel+5

Published: 2024-11-11 · Updated: 2026-03-14 · CVE-2024-53108

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.65
Description

When the AMD vendor-specific data block (VSDB) is parsed from the EDID, the ID extraction can happen outside the range of the EDID length. KASAN reports this as a slab-out-of-bounds error in the amdgpu_dm_update_freesync_caps function. The problem is addressed by taking the AMD VSDB block size into account.
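The bounds rule described above, as an added example that is not the kernel's code: a scan for a vendor block may only start at offsets where the whole block still fits inside the EDID buffer. The struct layout, the signature bytes and the function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EDID_LEN 128 /* one base EDID block is 128 bytes */

/* Hypothetical vendor block layout (assumption, not the kernel's struct). */
struct vsdb_block {
    uint8_t id[3];
    uint8_t version;
    uint8_t flags;
};

/* Constructed signature bytes, not a real vendor ID. */
static const uint8_t SIG[3] = { 0xAA, 0xBB, 0xCC };

/*
 * Return the offset of the first complete block in buf, or -1.
 * The last valid start offset is len - sizeof(block), so every field of
 * a matched block lies inside buf. Looping up to len instead would
 * overlay the struct on memory past the end of the buffer.
 */
long find_vsdb(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < sizeof(struct vsdb_block))
        return -1; /* also prevents size_t underflow in the subtraction */

    size_t last = len - sizeof(struct vsdb_block);
    for (size_t j = 0; j <= last; j++) {
        if (memcmp(buf + j, SIG, sizeof(SIG)) == 0)
            return (long)j;
    }
    return -1;
}

/* Build a zeroed EDID-sized buffer with SIG at off, then scan it. */
long scan_with_sig_at(size_t off)
{
    uint8_t edid[EDID_LEN] = { 0 };

    if (off + sizeof(SIG) <= EDID_LEN)
        memcpy(edid + off, SIG, sizeof(SIG));
    return find_vsdb(edid, sizeof(edid));
}
```

A signature at offset 125 sits inside the buffer, but the block it would introduce does not, so the scan rejects it rather than handing the caller a struct that extends past the end.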
Recommendations

To resolve the issue, update to Linux kernel version 6.6.65 or later. As a temporary workaround, consider disabling the amdgpu_dm_update_freesync_caps function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the amd vsdb block size in the affected API endpoint until the issue is resolved.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17211
ALT-PU-2024-17888
ALT-PU-2025-12647
AZL-54265
AZL-54268
BDU:2025-06981
CVE-2024-53108
ECHO-F6B7-FF78-4F92
MGASA-2024-0392
MGASA-2024-0393
OESA-2024-2590
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu