Linux Kernel Vulnerability Affecting AMD Display Management
CVE-2024-56775

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 January 2025

Summary

A vulnerability in the Linux kernel concerning AMD display management was addressed, where the management of plane states lacked proper reference counting. This oversight could lead to memory leaks if the reference count was expected to decrease but was not handled correctly, or it could also lead to double frees and invalid memory accesses when the reference count was expected to increase. The solution involves ensuring that the current reference count is cached and reapplied during plane state restorations, thus enhancing the stability and security of the display management system.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8cb2f6793845f135b28361ba8e96901cae3e5790

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 27227a234c1487cb7a684615f0749c455218833a

Linux 6.12.4 <= 6.12.*

References

https://git.kernel.org/stable/c/8cb2f6793845f135b28361ba8...

https://git.kernel.org/stable/c/27227a234c1487cb7a684615f...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 8, 2025