CVE-2024-56784
Published: 08 January 2025
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays in bound.
Security Summary
CVE-2024-56784 is a memory corruption vulnerability in the Linux kernel's drm/amd/display component, stemming from an out-of-bounds array index access. This flaw allows invalid array indices to trigger memory corruption, as documented in the kernel commit resolving it. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-787 (Out-of-bounds Write).
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact confidentiality, integrity, and availability violations, potentially leading to arbitrary code execution or system crashes via the memory corruption.
Kernel patches addressing the issue, available at https://git.kernel.org/stable/c/2c437d9a0b496168e1a1defd17b531f0a526dbe9 and https://git.kernel.org/stable/c/dff526dc3e27f5484f5ba11471b9fbbe681467f2, add explicit checks to ensure array indices remain within bounds, preventing the out-of-bounds access. Security practitioners should apply these stable kernel updates to affected systems.
Details
- CWE(s)