{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46871", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-09-11T15:12:18.295Z", "datePublished": "2024-10-09T14:02:52.459Z", "dateUpdated": "2025-05-04T09:36:24.848Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:36:24.848Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e1896f381d27466c26cb44b4450eae05cd59dfd0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9f404b0bc2df3880758fb3c3bc7496f596f347d7", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "800a5ab673c4a61ca220cce177386723d91bdb37", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c592b6355b9b57b8e59fc5978ce1e14f64488a98", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ad28d7c3d989fc5689581664653879d664da76f0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h"], "versions": [{"version": "5.15.174", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.109", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.50", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.9", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.174"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.109"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.50"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.10.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e1896f381d27466c26cb44b4450eae05cd59dfd0"}, {"url": "https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7"}, {"url": "https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37"}, {"url": "https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98"}, {"url": "https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0"}], "title": "drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T13:24:03.453806Z", "id": "CVE-2024-46871", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T13:24:17.406Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46871", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-10T13:24:03.453806Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T13:24:07.266Z"}}], "cna": {"title": "drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e1896f381d27466c26cb44b4450eae05cd59dfd0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9f404b0bc2df3880758fb3c3bc7496f596f347d7", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "800a5ab673c4a61ca220cce177386723d91bdb37", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "c592b6355b9b57b8e59fc5978ce1e14f64488a98", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "ad28d7c3d989fc5689581664653879d664da76f0", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.15.174", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.109", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.50", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.9", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e1896f381d27466c26cb44b4450eae05cd59dfd0"}, {"url": "https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7"}, {"url": "https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37"}, {"url": "https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98"}, {"url": "https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.174"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.109"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.50"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:36:24.848Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46871", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:36:24.848Z", "dateReserved": "2024-09-11T15:12:18.295Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-09T14:02:52.459Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFD3BACD-EA1D-4437-A135-A3E7A761F54F", "versionEndExcluding": "6.1.109", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536", "versionEndExcluding": "6.6.50", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B", "versionEndExcluding": "6.10.9", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Corrija el valor definido para AMDGPU_DMUB_NOTIFICATION_MAX [Por qu\u00e9 y c\u00f3mo] En realidad, expone '6' tipos en la enumeraci\u00f3n dmub_notification_type. No 5. El uso de un n\u00famero menor para crear la matriz dmub_callback y dmub_thread_offload tiene el potencial de acceder a un elemento fuera del l\u00edmite de la matriz. Arr\u00e9glelo."}], "id": "CVE-2024-46871", "lastModified": "2024-12-14T21:15:25.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-09T14:15:07.533", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e1896f381d27466c26cb44b4450eae05cd59dfd0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:6966", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:6966", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}], "bugzilla": {"description": "kernel: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX", "id": "2317581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317581"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-129", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX\n[Why & How]\nIt actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller\nnumber to create array dmub_callback & dmub_thread_offload has potential to access\nitem out of array bound. Fix it.", "A flaw was found in the AMD Radeon graphics card driver in the Linux kernel. Out-of-bounds access can be triggered due to arrays being created based on the wrong number of maximum DMUB notification types available, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-46871", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46871\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46871\nhttps://lore.kernel.org/linux-cve-announce/2024100958-CVE-2024-46871-15f4@gregkh/T"], "statement": "Under normal conditions, unprivileged local users cannot trigger this issue and the system must have an AMD GPU, limiting the impact of this vulnerability.\nAdditionally, this issue is known to impact only the availability of the system with no other relevant security impact.", "threat_severity": "Moderate"}