#VU97508 Out-of-bounds read in Linux kernel - CVE-2024-46722


Vulnerability identifier: #VU97508

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46722

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can trigger the error to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826
https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553
https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650
https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec
https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653
https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114
https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5
https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

