#VU99218 Input validation error in Linux kernel - CVE-2024-50003

Vulnerability identifier: #VU99218

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50003

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dmub_hpd_callback() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86
https://git.kernel.org/stable/c/722d2d8fc423108597b97efbf165187d16d9aa1e
https://git.kernel.org/stable/c/68d603f467a75618eeae5bfe8af32cda47097010
https://git.kernel.org/stable/c/73e441be033d3ed0bdff09b575da3e7d4606ffc9
https://git.kernel.org/stable/c/c2356296f546326f9f06c109e201d42201e1e783
https://git.kernel.org/stable/c/52d4e3fb3d340447dcdac0e14ff21a764f326907

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.