SB20240608131 - Infinite loop in Linux kernel dc bios driver
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240608131
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2024-26767)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the link_validate_dpia_bandwidth() function in drivers/gpu/drm/amd/display/dc/link/link_validation.c, within the get_firmware_info_v3_2(), get_integrated_info_v11(), get_integrated_info_v2_1() and get_integrated_info_v2_2() functions in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375
- https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7
- https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.130
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8