CVE-2024-56608: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

An issue was identified in the dcn21_link_encoder_create function where an out-of-bounds access could occur when the hpd_source index was used to reference the link_enc_hpd_regs array. This array has a fixed size and the index was not being checked against the array's bounds before accessing it.

This fix adds a conditional check to ensure that the hpd_source index is within the valid range of the link_enc_hpd_regs array. If the index is out of bounds, the function now returns NULL to prevent undefined behavior.

References:

[ 65.920507] ------------[ cut here ]------------
[ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29
[ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]'
[ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13
[ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020
[ 65.920527] Call Trace:
[ 65.920529] <TASK>
[ 65.920532] dump_stack_lvl+0x48/0x70
[ 65.920541] dump_stack+0x10/0x20
[ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0
[ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu]
[ 65.921009] link_create+0x6d3/0xed0 [amdgpu]
[ 65.921355] create_links+0x18a/0x4e0 [amdgpu]
[ 65.921679] dc_create+0x360/0x720 [amdgpu]
[ 65.921999] ? dmi_matches+0xa0/0x220
[ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu]
[ 65.922342] ? console_unlock+0x77/0x120
[ 65.922348] ? dev_printk_emit+0x86/0xb0
[ 65.922354] dm_hw_init+0x15/0x40 [amdgpu]
[ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu]
[ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu]
[ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu]
[ 65.923087] local_pci_probe+0x4b/0xb0
[ 65.923087] pci_device_probe+0xc8/0x280
[ 65.923087] really_probe+0x187/0x300
[ 65.923087] __driver_probe_device+0x85/0x130
[ 65.923087] driver_probe_device+0x24/0x110
[ 65.923087] __driver_attach+0xac/0x1d0
[ 65.923087] ? __pfx___driver_attach+0x10/0x10
[ 65.923087] bus_for_each_dev+0x7d/0xd0
[ 65.923087] driver_attach+0x1e/0x30
[ 65.923087] bus_add_driver+0xf2/0x200
[ 65.923087] driver_register+0x64/0x130
[ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu]
[ 65.923087] __pci_register_driver+0x61/0x70
[ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu]
[ 65.923087] do_one_initcall+0x49/0x310
[ 65.923087] ? kmalloc_trace+0x136/0x360
[ 65.923087] do_init_module+0x6a/0x270
[ 65.923087] load_module+0x1fce/0x23a0
[ 65.923087] init_module_from_file+0x9c/0xe0
[ 65.923087] ? init_module_from_file+0x9c/0xe0
[ 65.923087] idempotent_init_module+0x179/0x230
[ 65.923087] __x64_sys_finit_module+0x5d/0xa0
[ 65.923087] do_syscall_64+0x76/0x120
[ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ 65.923087] RIP: 0033:0x7f2d80f1e88d
[ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48
[ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d
[ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f
[ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002
[ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480
[ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0
[ 65.923087] </TASK>
[ 65.923927] ---[ end trace ]---
AI Analysis
Technical Summary
CVE-2024-56608 is a vulnerability identified in the Linux kernel, specifically within the AMD GPU driver component related to the Direct Rendering Manager (DRM) subsystem. The flaw exists in the function dcn21_link_encoder_create, which is part of the AMD Display Core (DC) driver handling display link encoding for AMD GPUs. The vulnerability arises from an out-of-bounds array access due to the hpd_source index being used without proper bounds checking against the fixed-size array link_enc_hpd_regs. This array has a size of 5, but the index was observed to be 7 in the reported case, leading to an invalid memory access. Such out-of-bounds access can cause undefined behavior including potential kernel crashes, memory corruption, or escalation of privileges if exploited. The Linux kernel patch fixes this by adding a conditional check to verify that the hpd_source index is within the valid range before accessing the array. If the index is out of bounds, the function returns NULL, preventing the unsafe access. The vulnerability was detected through Undefined Behavior Sanitizer (UBSAN) reports and kernel stack traces, indicating a runtime error during module loading or GPU initialization. The affected component is the AMDGPU kernel driver, which is widely used in Linux systems running AMD graphics hardware. The issue is present in Linux kernel versions prior to the patch referenced by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2. No known exploits are currently reported in the wild. This vulnerability is a memory safety issue that could be triggered during GPU driver initialization or module loading, potentially leading to system instability or denial of service. While exploitation for privilege escalation is theoretically possible, it would require local access and specific conditions related to AMD GPU hardware and driver usage.
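The bounds check described above, modelled in user-space C as an added example (it is not the kernel's code or the actual patch). The struct layouts, register values, function names and the caller are assumptions; only link_enc_hpd_regs, hpd_source, the array length of 5 and the NULL return come from the advisory.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Stand-in types and register values are assumed, not the driver's. */
struct hpd_regs { unsigned int ctl; };
struct link_encoder { const struct hpd_regs *hpd; };
/* Five entries, matching the array type in the UBSAN report. */
static const struct hpd_regs link_enc_hpd_regs[5] = {
    {0x100}, {0x110}, {0x120}, {0x130}, {0x140}
};

/* Pre-fix shape: hpd_source is trusted, so 7 would index past the table. */
struct link_encoder *encoder_create_unchecked(int hpd_source)
{
    struct link_encoder *enc = calloc(1, sizeof(*enc));
    if (enc)
        enc->hpd = &link_enc_hpd_regs[hpd_source]; /* no bounds check */
    return enc;
}

/* Post-fix shape: validate the index against the table, else return NULL. */
struct link_encoder *encoder_create_checked(int hpd_source)
{
    struct link_encoder *enc;
    /* Reject before allocating; the < 0 test covers a signed index. */
    if (hpd_source < 0 || (size_t)hpd_source >= ARRAY_SIZE(link_enc_hpd_regs))
        return NULL;
    enc = calloc(1, sizeof(*enc));
    if (enc)
        enc->hpd = &link_enc_hpd_regs[hpd_source];
    return enc;
}

/* Hypothetical caller: a NULL encoder means "skip this link". */
size_t count_usable_links(const int *sources, size_t n)
{
    size_t i, ok = 0;
    for (i = 0; i < n; i++) {
        struct link_encoder *enc = encoder_create_checked(sources[i]);
        ok += enc != NULL;
        free(enc); /* free(NULL) is a no-op */
    }
    return ok;
}

int main(void)
{
    const int sources[] = {0, 7, 4, -1}; /* constructed: 7 and -1 are invalid */
    printf("usable links: %zu of 4\n", count_usable_links(sources, 4));
    return 0;
}
```

Comparing against ARRAY_SIZE rather than a literal 5 keeps the check correct if the table is later resized.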
Potential Impact
For European organizations, the impact of CVE-2024-56608 primarily concerns systems running Linux with AMD GPUs, particularly those using the AMDGPU driver for display management. This includes enterprise servers, workstations, and desktops in sectors such as finance, manufacturing, research, and public administration where Linux is prevalent. The vulnerability could lead to kernel crashes or system instability, resulting in denial of service conditions that disrupt business operations. In environments where high availability is critical, such as data centers or cloud service providers, this could impact service continuity. Although remote exploitation is unlikely, local attackers or malicious insiders with access to vulnerable systems could potentially trigger the flaw to cause crashes or attempt privilege escalation. This risk is heightened in multi-user or shared environments. Additionally, organizations relying on AMD GPU acceleration for compute workloads or graphical applications may experience operational disruptions. The lack of known exploits reduces immediate risk, but the vulnerability's presence in a core kernel driver necessitates prompt attention to avoid future exploitation as attackers often target such memory safety issues once disclosed.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernel to the patched version containing the fix for CVE-2024-56608. This involves applying the kernel update identified by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 or later stable releases from their Linux distribution vendors that include this patch. For environments where immediate kernel upgrades are challenging, organizations should consider temporarily disabling or unloading the AMDGPU driver if feasible, especially on systems not requiring AMD GPU functionality. Implementing strict access controls to limit local user privileges can reduce the risk of exploitation by unauthorized users. Monitoring system logs for kernel warnings or UBSAN reports related to out-of-bounds accesses in the AMDGPU driver can help detect attempts to trigger the vulnerability. Organizations should also review their hardware inventory to identify systems with AMD GPUs using the vulnerable driver and prioritize patching accordingly. In virtualized or containerized environments, ensure that host kernels are updated to prevent guest VM or container escape attempts via this flaw. Finally, maintain regular backups and incident response plans to mitigate potential denial of service impacts.
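One way to act on the log-monitoring recommendation, as an added example rather than a tool from the kernel project or this advisory: a small C parser that pulls the source location, index and array length out of a UBSAN array-index-out-of-bounds report and flags whether the trace runs through amdgpu. The sample input is abridged from the trace quoted above; the struct and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

struct ubsan_oob {
    char where[160]; /* source file:line:col named in the report */
    long index;      /* offending index */
    long bound;      /* declared length of the array type */
    int in_amdgpu;   /* 1 if the trace contains an [amdgpu] frame */
};

/* Sample input: lines abridged from the trace quoted in this advisory. */
static const char SAMPLE_LOG[] =
    "[ 65.920510] UBSAN: array-index-out-of-bounds in "
    "drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29\n"
    "[ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]'\n"
    "[ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu]\n"
    "[ 65.923927] ---[ end trace ]---\n";

/* Fill *hit from the first array-index-out-of-bounds report; 1 if found. */
int find_ubsan_oob(const char *log, struct ubsan_oob *hit)
{
    static const char tag[] = "UBSAN: array-index-out-of-bounds in ";
    const char *p = strstr(log, tag);
    const char *idx, *eol, *lb, *end, *mod;

    if (!p)
        return 0;
    memset(hit, 0, sizeof(*hit));
    if (sscanf(p + sizeof(tag) - 1, "%159[^\n]", hit->where) != 1)
        return 0;
    idx = strstr(p, "index ");
    if (!idx || sscanf(idx, "index %ld", &hit->index) != 1)
        return 0;
    eol = strchr(idx, '\n');
    lb = strstr(idx, "for type '");
    lb = lb ? strchr(lb, '[') : NULL;     /* "[5]" at the end of the type */
    if (!lb || (eol && lb > eol) || sscanf(lb, "[%ld]", &hit->bound) != 1)
        return 0;
    end = strstr(p, "---[ end trace");    /* stay inside this report */
    mod = strstr(p, "[amdgpu]");
    hit->in_amdgpu = mod && (!end || mod < end);
    return 1;
}

int main(void)
{
    struct ubsan_oob hit;

    if (find_ubsan_oob(SAMPLE_LOG, &hit))
        printf("%s: index %ld, array length %ld, amdgpu=%d\n",
               hit.where, hit.index, hit.bound, hit.in_amdgpu);
    return 0;
}
```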
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-27T14:03:06.013Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9823c4522896dcbdf393
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 12:25:18 PM
Last updated: 8/20/2025, 1:45:22 PM