CVE-2024-46730: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46730 affects the Linux kernel's AMD display driver (drm/amd/display). The vulnerability was discovered and disclosed on September 18, 2024. The issue involves an array index underflow vulnerability where the timing generator count (tg_inst) could become negative if timing_generator_count equals 0, potentially leading to memory access issues (NVD, Ubuntu).

The vulnerability exists in the Linux kernel's AMD display driver, specifically in the dc_resource.c file. The issue occurs when the timing generator array index (tg_inst) could become negative if timing_generator_count equals 0, which wasn't properly checked before use. This condition could lead to array underflow issues. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could potentially lead to a denial of service condition through array underflow. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it could result in high availability impact to the affected system (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves adding an additional check to ensure the timing_generator_count is not zero before calculating the tg_inst value. The patch has been integrated into various Linux distributions, including Ubuntu 24.04 LTS (noble) with kernel version 6.8.0-50.51 and Ubuntu 22.04 LTS with kernel version 6.8.0-50.51~22.04.1 (Ubuntu, Kernel Patch).