CVE-2024-46722: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46722 is a vulnerability discovered in the Linux kernel affecting the AMD GPU driver (drm/amdgpu). The issue was identified as an out-of-bounds read warning in the mcdata array handling within the amdgpuatombios.c file. The vulnerability was disclosed on September 18, 2024, and affects multiple versions of the Linux kernel up to versions 4.19.322, 5.4.284, 5.10.226, and 5.15.167 (NVD).

The vulnerability is classified as an out-of-bounds read (CWE-125) in the AMD GPU driver's memory controller data handling. It received a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. The issue specifically occurs in the amdgpuatombios.c file where there was a potential out-of-bounds read when accessing mcdata[i-1] without proper boundary checking (NVD).

The vulnerability could lead to unauthorized access to memory outside the intended buffer boundaries, potentially resulting in information disclosure or system crashes. The high CVSS score indicates significant potential impact on system confidentiality and availability, though it requires local access to exploit (NVD).

The vulnerability has been patched in various Linux kernel versions. Ubuntu has released fixes for multiple versions including 24.04 LTS (6.8.0-50.51), 22.04 LTS (5.15.0-125.135), 20.04 LTS (5.4.0-200.220), and 18.04 LTS (4.15.0-231.243). Debian has also released fixes for bullseye (5.10.234-1) and bookworm (6.1.128-1) (Ubuntu, Debian).