CVE-2024-53108

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 2, 2024
Updated: Dec 12, 2024
CWE ID 125

Summary

CVE-2024-53108 is a Linux kernel vulnerability in the drm/amd/display module. It is an out-of-bounds condition in the IEEE ID identification that the AMD EDID parsing performs for the replay check. The VSDB parser was not adjusted properly for the replay feature, and KASAN reports a slab-out-of-bounds access: the ID extraction reads outside the range of the EDID length. The latest commit fixes this by taking the amd_vsdb_block size into account.
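The bounds rule described in the summary, as an added example that is not the kernel's code: a scan for a fixed-size record inside one 128-byte EDID extension block has to stop where the whole record still fits, not where its first byte still fits. The `demo_vsdb` layout, the function name and the ID value are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define EXT_BLOCK_LEN 128u      /* size of one EDID extension block */
#define DEMO_IEEE_ID  0xC0FFEEu /* constructed ID, not a real vendor ID */

/* Hypothetical record layout (assumption); all fields are bytes, so
 * sizeof(struct demo_vsdb) is 10 with no padding. */
struct demo_vsdb {
    uint8_t header[5];
    uint8_t ieee_id[3];   /* 24-bit ID, least significant byte first */
    uint8_t version;
    uint8_t flags;
};

/*
 * Return the offset of the first record whose IEEE ID equals `want`,
 * or -1 if none fits inside the block.
 *
 * A loop written as `j < block_len` would still overlay the record at
 * j = block_len - 1 and read ieee_id up to 7 bytes past the buffer,
 * which is the kind of access KASAN flags as slab-out-of-bounds.
 * The bound below subtracts the record size, expressed as
 * `j + sizeof(record) <= block_len` so it cannot underflow.
 */
int find_vsdb(const uint8_t *block, size_t block_len, uint32_t want)
{
    const size_t rec = sizeof(struct demo_vsdb);
    size_t j;

    if (block == NULL || block_len < rec)
        return -1;              /* truncated block: nothing to parse */

    for (j = 0; j + rec <= block_len; j++) {
        const uint8_t *id = block + j + offsetof(struct demo_vsdb, ieee_id);
        uint32_t ieee = ((uint32_t)id[2] << 16) |
                        ((uint32_t)id[1] << 8)  |
                         (uint32_t)id[0];

        if (ieee == want)
            return (int)j;
    }
    return -1;
}
```

An ID whose bytes sit in the last three bytes of the block is deliberately not matched, because the record that would contain it extends past the end of the block.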
