CVE-2024-56775
Published: 08 January 2025
Summary
CVE-2024-56775 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 9.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Flaw remediation requires patching the Linux kernel with commits that cache and re-apply plane refcounts during backup and restore operations to directly eliminate the vulnerability.
Memory protection mechanisms mitigate exploitation of double frees, invalid memory accesses, and leaks stemming from improper plane refcount handling in the kernel.
Vulnerability scanning detects Linux kernels affected by CVE-2024-56775 in the drm/amd/display subsystem through version checks against known vulnerable releases.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local kernel memory corruption (double free from refcount mishandling) in the display subsystem directly enables privilege escalation from a low-privileged user, as well as system DoS, via exploitation.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount, which can cause issues if the refcount of the plane changes in between backup and restore operations, such as memory leaks if the refcount was supposed to go down, or double frees / invalid memory accesses if the refcount was supposed to go up. [How] Cache and re-apply current refcount when restoring plane states.
Deeper analysis
CVE-2024-56775 is a vulnerability in the Linux kernel's drm/amd/display subsystem that affects the mechanism for backing up and restoring plane states. The issue arises because this mechanism fails to properly maintain reference counts (refcounts) on planes. If the refcount changes between backup and restore operations, it can lead to memory leaks when the refcount should decrease, or double frees and invalid memory accesses when it should increase. The vulnerability carries a CVSS v3.1 base score of 7.8 and is associated with CWE-401 (Memory Leak) and CWE-415 (Double Free).
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation allows high-impact consequences, including unauthorized disclosure of sensitive information, modification of data, and denial of service through system crashes or corruption, all within the unchanged security scope.
Kernel patches address the issue by caching the current refcount and re-applying it during plane state restoration. Relevant commits are available at https://git.kernel.org/stable/c/27227a234c1487cb7a684615f0749c455218833a and https://git.kernel.org/stable/c/8cb2f6793845f135b28361ba8e96901cae3e5790. Security practitioners should ensure affected Linux kernels are updated to incorporate these fixes.
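The backup/restore refcount problem and the cache-and-re-apply fix described above, as an added example that is not the kernel's code: a userspace C model in which `struct plane_state`, its fields and all function names are hypothetical, and the sample values are constructed.

```c
#include <stdio.h>

/* Hypothetical userspace model of a refcounted plane state (assumed names,
 * not the kernel's structures). */
struct plane_state {
    int refcount;   /* references currently held on this object */
    int width;      /* stand-in for the display state being backed up */
};

/* Vulnerable pattern: a whole-struct restore also rewinds the refcount. */
static void restore_naive(struct plane_state *live,
                          const struct plane_state *backup)
{
    *live = *backup;
}

/* Fixed pattern: cache the current refcount and re-apply it after restore. */
static void restore_keep_refcount(struct plane_state *live,
                                  const struct plane_state *backup)
{
    int cached = live->refcount;
    *live = *backup;
    live->refcount = cached;
}

/* Back up at refcount `start`, let the count change by `delta`, then restore.
 * Returns the resulting state so callers can inspect both fields. */
static struct plane_state simulate(int start, int delta, int use_fix)
{
    struct plane_state live = { .refcount = start, .width = 1920 };
    struct plane_state backup = live;   /* backup taken here */

    live.refcount += delta;             /* reference taken or dropped */
    live.width = 1280;                  /* state changed, to be rolled back */
    if (use_fix)
        restore_keep_refcount(&live, &backup);
    else
        restore_naive(&live, &backup);
    return live;
}

int main(void)
{
    printf("ref taken,   naive: %d (too low: early or double free)\n", simulate(1, 1, 0).refcount);
    printf("ref dropped, naive: %d (too high: leak)\n", simulate(2, -1, 0).refcount);
    printf("ref taken,   fixed: %d\n", simulate(1, 1, 1).refcount);
    printf("ref dropped, fixed: %d\n", simulate(2, -1, 1).refcount);
    return 0;
}
```

In both restore variants the display state (`width`) is rolled back; only the fixed variant leaves the live reference count untouched.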
Details
- CWE(s)