CVE-2024-46871Improper Validation of Array Index in Linux

CWE-129Improper Validation of Array Index38 documents7 sources
Severity
7.8HIGHNVD
OSV5.5
EPSS
0.0%
top 95.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
LinuxLinux KernelDebian Linux+3 more
Timeline
PublishedOct 9
Latest updateApr 28

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller number to create array dmub_callback & dmub_thread_offload has potential to access item out of array bound. Fix it.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

NVDlinux/linux_kernel6.26.6.50+2
Debianlinux/linux_kernel< 6.1.112-1+2
Ubuntulinux/linux_kernel< 5.15.0-135.146+1
CVEListV5linux/linux4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7ce1896f381d27466c26cb44b4450eae05cd59dfd0+5
debiandebian/linux< linux 6.1.112-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

18
OSV
linux-gcp-5.15 vulnerabilities2025-04-28
OSV
linux-intel-iotg-5.15 vulnerabilities2025-04-24
OSV
linux-ibm-5.15 vulnerabilities2025-04-24
OSV
linux-azure-5.15, linux-azure-fde-5.15 vulnerabilities2025-04-07
OSV
linux-hwe-5.15 vulnerabilities2025-04-02

📋Vendor Advisories

19
Ubuntu
Linux kernel (GCP) vulnerabilities2025-04-28
Ubuntu
Linux kernel (IBM) vulnerabilities2025-04-24
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2025-04-24
Ubuntu
Linux kernel (Azure) vulnerabilities2025-04-07
Ubuntu
Linux kernel (HWE) vulnerabilities2025-04-02