CVE-2024-47661: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47661 affects the Linux kernel's AMD display driver. The vulnerability was discovered in the drm/amd/display subsystem where an integer overflow occurs due to improper type conversion from uint32_t to uint8_t. The issue was identified when dmub_rb_cmd's ramping_boundary, which has a size of uint8_t, was being assigned a value of 0xFFFF (Kernel Patch).

The vulnerability is an integer overflow issue in the Linux kernel's AMD display driver. The problem occurs in two files: dmub_abm_lcd.c and dcn21_hwseq.c, where a uint32_t value of 0xFFFF was being assigned to a uint8_t variable ramping_boundary. The issue was fixed by changing the value to 0xFF to match the uint8_t size limitation. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could potentially lead to a denial of service condition in systems running affected versions of the Linux kernel. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it could have a high impact on system availability with no impact on confidentiality or integrity (NVD).

The vulnerability has been fixed in Linux kernel version 6.10.9 and later. The fix involves changing the ramping_boundary variable type and value from uint32_t 0xFFFF to uint8_t 0xFF. Users are advised to update their systems to the patched version. The fix has been backported to various Linux distributions including Ubuntu 24.04 LTS and 22.04 LTS (Ubuntu).