Input validation error in Linux kernel dc dce110 driver

Published: 2024-06-27 | Updated: 2025-05-13

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-35799
CWE-ID	CWE-20
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU93448

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35799

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dce110_disable_stream() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.6 - 6.8.2

CPE2.3

External links

https://git.kernel.org/stable/c/4356a2c3f296503c8b420ae8adece053960a9f06
https://git.kernel.org/stable/c/59772327d439874095516673b4b30c48bd83ca38
https://git.kernel.org/stable/c/2b17133a0a2e0e111803124dad09e803718d4a48
https://git.kernel.org/stable/c/72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.26
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.