CVE-2024-53108

HIGH EPSS 15.5%
Published Dec 2, 20241y ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published Dec 2, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN: [ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383 ... [ 27.821207] Memory state around the buggy address: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ================================================================== This is caused because the ID extraction happens outside of the range of the edid lenght. This commit addresses this issue by considering the amd_vsdb_block size. (cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 9

VendorProductVersionRange
linuxlinux_kernel* <6.6.63
linuxlinux_kernel*≥6.7  –  <6.11.10
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217
    Patch