PT-2024-9914 · Linux+9 · Linux Kernel+9

Srinivasan Shanmugam

·

Published

2024-02-07

·

Updated

2025-09-29

·

CVE-2024-26660

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to a buffer overflow error in the dcn301 stream encoder create function, which is part of the Direct Rendering Manager (DRM) subsystem in the Linux kernel. The error occurs when the eng id is used as an index to access the stream enc regs array, and if eng id is 5, it results in an out-of-bounds access on the stream enc regs array. This could lead to undefined behavior. The vulnerability is related to the lack of bounds checking for stream encoder creation in DCN301.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-120

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2025-00023
CESA-2024_5101
CESA-2024_5102
CVE-2024-26660
DSA-5658-1
INFSA-2024_5101
INFSA-2024_5102
INFSA-2024_9315
OPENSUSE-SU-2024_1490-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:9315
RHSA-2024_5101
RHSA-2024_5102
RHSA-2024_9315
RHSA-2025:11810
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101
SUSE-SU-2024:1490-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
USN-6766-1
USN-6766-2
USN-6766-3
USN-6795-1
USN-6828-1
USN-6895-1
USN-6895-2
USN-6895-3
USN-6895-4
USN-6900-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu