CVE-2024-47662: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47662 affects the Linux kernel's AMD display driver, specifically in the DMCUB diagnostic collection functionality for DCN35. The vulnerability was discovered and disclosed in October 2024, affecting Linux kernel versions up to (excluding) 6.10.9. The issue involves improper register access in the drm/amd/display subsystem (NVD, Kernel Patch).

The vulnerability stems from improper register access in the DCN35 DMCUB diagnostic collection system. When DMCUB work times out and diagnostics are collected, reading certain registers triggers a security violation that blocks Z8 entry. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a security violation when DMCUB work times out during diagnostic collection, potentially causing system availability issues by blocking Z8 entry. This primarily affects systems using AMD display drivers with DCN35 functionality (Kernel Patch).

The issue has been fixed by removing the problematic register read from DCN35. The fix is available in Linux kernel version 6.10.9 and later. Ubuntu has released patches for various kernel versions including 24.04 LTS (noble) and 22.04 LTS (jammy) (Ubuntu Security).