PT-2024-7188 · Linux+5 · Linux Kernel+5

Published

2024-05-02

·

Updated

2026-05-26

·

CVE-2024-46813

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the incorrect calculation of an index in the dc get link at index() function within the drivers/gpu/drm/amd/display/dc/core/dc link exports.c module of the Linux kernel's amdgpu driver. This can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is fixed by checking the link index before accessing dc->links[], which has a maximum size of MAX LINKS and returns NULL when trying to access with an out-of-bound index, addressing 3 OVERRUN and 1 RESOURCE LEAK issue reported by Coverity.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2025-12647
AZL-49918
BDU:2024-08527
CVE-2024-46813
ECHO-DA71-BA7C-CF1E
OESA-2024-2518
OESA-2024-2519
OESA-2024-2521
OESA-2024-2522
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2024_4131-1
OPENSUSE-SU-2024_4140-1
SUSE-SU-2024:3983-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4081-1
SUSE-SU-2024:4082-1
SUSE-SU-2024:4100-1
SUSE-SU-2024:4103-1
SUSE-SU-2024:4131-1
SUSE-SU-2024:4140-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:0034-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1

Affected Products

Alt Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu