CVE-2024-56616

HIGH EPSS 11.3%
Published Dec 27, 20241y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Dec 27, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corruption in drm_dp_sideband_append_payload() and the following errors in dmesg: UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25 index -1 is out of range for type 'u8 [48]' Call Trace: drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper] memcpy: detected field-spanning write (size 18446744073709551615) of single field "&msg->msg[msg->curlen]" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256) Call Trace: drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
11.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-129

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel* <5.10.233
linuxlinux_kernel*≥5.11  –  <5.15.176
linuxlinux_kernel*≥5.16  –  <6.1.120
linuxlinux_kernel*≥6.2  –  <6.6.66
linuxlinux_kernel*≥6.7  –  <6.12.5
linuxlinux_kernel6.13any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801
    Patch