PT-2024-7191 · Linux+7 · Linux Kernel+7

Published

2024-04-30

·

Updated

2026-05-05

·

CVE-2024-46821

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.8
Description The issue is related to a negative array index read in the Linux kernel, specifically in the drm/amd/pm module. The problem arises from using negative values for clk idex as an index into an array pptable->DpmDescriptor. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.
Recommendations To resolve the issue, upgrade the Linux kernel to a version newer than 6.10.8. As a temporary workaround, consider restricting access to the vulnerable module drm/amd/pm to minimize the risk of exploitation. Avoid using negative values for clk idex as an index into an array pptable->DpmDescriptor until the issue is resolved.

Exploit

Fix

Improper Validation of Array Index

Weakness Enumeration

CWE-129

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-49977
BDU:2024-08530
CVE-2024-46821
DLA-4008-1
DLA-4178-1
DSA-5782-1
OESA-2024-2216
OESA-2024-2218
OESA-2024-2220
OESA-2024-2296
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2024_4315-1
OPENSUSE-SU-2024_4376-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4315-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4364-1
SUSE-SU-2024:4376-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7196-1
USN-7591-1
USN-7591-2
USN-7591-3
USN-7591-4
USN-7591-5
USN-7591-6
USN-7592-1
USN-7593-1
USN-7597-1
USN-7597-2
USN-7598-1
USN-7602-1
USN-7655-1

Affected Products

Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu