CVE-2024-46728: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46728 is a vulnerability in the Linux kernel affecting the AMD display driver component. The issue was discovered in the drm/amd/display subsystem where the auxrdinterval array index was not properly checked before use. The vulnerability was reported through Coverity scan and encompasses 3 buffer overrun issues and 1 integer overflow issue (NVD).

The vulnerability exists in the Linux kernel's AMD display driver, specifically in the DisplayPort training functionality. The auxrdinterval array has a size of 7 elements but lacked proper bounds checking before access. This could lead to buffer overruns and integer overflow conditions. The issue has a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could potentially lead to system crashes or denial of service conditions due to buffer overruns and integer overflow in the AMD display driver component. The impact is limited to systems running affected versions of the Linux kernel with AMD graphics hardware (NVD).

The vulnerability has been fixed in Linux kernel versions 6.8.0-50.51 and later. The fix involves adding proper bounds checking for the auxrdinterval array index. Users should update to patched kernel versions. The fix has been backported to various stable kernel branches (Kernel Patch).