Main Vulnerability Database SB20240610113

SB20240610113 - Integer underflow in Linux kernel dc dml2 driver

Published: June 10, 2024 Updated: May 13, 2025

Security Bulletin ID SB20240610113

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer underflow (CVE-ID: CVE-2024-26913)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the populate_dml_surface_cfg_from_plane_state() and populate_dummy_dml_plane_cfg() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/cdbe0be8874c63bca85b8c38e5b1eecbdd18df31
https://git.kernel.org/stable/c/faf51b201bc42adf500945732abb6220c707d6f3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8