PT-2024-36924 · Linux+8 · Linux Kernel+8
Imre Deak
+1
·
Published
2024-11-25
·
Updated
2025-10-31
·
CVE-2024-56616
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue concerns a problem with the MST sideband message body length check in the Linux kernel, which must be at least 1 byte accounting for the message body CRC at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC, with the body length being incorrectly set to 0, leading to memory corruption in
drm dp sideband append payload() and resulting in errors such as UBSAN: array-index-out-of-bounds and memcpy: detected field-spanning write.Recommendations
To resolve the issue, update the Linux kernel to version 6.6.74 or later.
As a temporary workaround, consider restricting access to the
drm dp sideband append payload() function until a patch is available.
Avoid using the msg variable in the affected API endpoint until the issue is resolved.
At the moment, there is no other information about additional mitigation measures.Exploit
Fix
Out of bounds Read
Memory Corruption
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu