CVE-2024-46813: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46813 is a vulnerability in the Linux kernel affecting the AMD display driver component. The issue was discovered in the drm/amd/display module where there was a lack of proper bounds checking before accessing dc->links[] array. The vulnerability was disclosed on September 27, 2024, and affects Linux kernel versions up to (excluding) 6.10.9 (NVD).

The vulnerability exists in the dc_get_link_at_index function within the AMD display driver where the link_index parameter was not properly validated before accessing the dc->links[] array. The array has a maximum size of MAX_LINKS, and without proper bounds checking, it could lead to buffer overrun issues. The issue was identified by Coverity scan which reported 3 OVERRUN and 1 RESOURCE_LEAK problems. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to buffer overruns and resource leaks in the Linux kernel's AMD display driver component. If exploited, it could allow an attacker with local access to potentially achieve privilege escalation, cause system crashes, or leak sensitive information (NVD).

The vulnerability has been fixed in Linux kernel version 6.10.9 and later. The fix involves adding a bounds check before accessing the dc->links[] array in the dc_get_link_at_index function. Users are advised to upgrade to the patched version. The fix has been backported to various Linux distributions including Ubuntu 24.04 LTS and 22.04 LTS (Ubuntu, Kernel Patch).