CVE-2024-35788: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-35788 affects the Linux kernel's AMD display driver (drm/amd/display). The vulnerability was discovered in May 2024 and involves an array index out-of-bounds access issue in the dcn35 DcfClocks bounds check functionality. The issue occurs because NumFclkLevelsEnabled is incorrectly used for DcfClocks bounds check instead of the designated NumDcfClkLevelsEnabled variable (NVD).

The vulnerability exists in the dcn35clkmgr.c file where an incorrect variable is used for bounds checking. Specifically, the code uses clocktable->NumFclkLevelsEnabled instead of clocktable->NumDcfClkLevelsEnabled for validating array access limits. This improper validation can lead to array index out-of-bounds access. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker to cause array index out-of-bounds access in the Linux kernel's AMD display driver. This could potentially lead to memory corruption, system crashes, or other undefined behavior in affected systems (Kernel Patch).

The vulnerability has been fixed in the Linux kernel through a patch that corrects the bounds check variable. The fix involves using the correct designated variable (NumDcfClkLevelsEnabled) for the dcn35 DcfClocks bounds check. Users should update their Linux kernel to a patched version that includes this fix (Kernel Patch).