PT-2024-6725 · Linux+4 · Linux Kernel+4

Roman Li

Published

2024-07-01

Updated

2025-10-03

CVE-2024-41061

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a potential out of bounds access in the dml2 calculate rq and dlg params() function because the value of out lowest state idx used as an index for the FCLKChangeSupport array can be greater than 1. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The dml2 core specifies identical values for all FCLKChangeSupport elements, and using index 0 in the condition can avoid out of bounds access.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-129

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2025-12647

BDU:2024-07938

CVE-2024-41061

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-7089-1

USN-7089-2

USN-7089-3

USN-7089-4

USN-7089-5

USN-7089-6

USN-7089-7

USN-7090-1

USN-7095-1

USN-7156-1

Affected Products

Alt Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

PT-2024-6725 · Linux+4 · Linux Kernel+4

CVE-2024-41061

Weakness Enumeration

Related Identifiers

Affected Products

References · 1539