CVE-2024-56784
Published: 08 January 2025
Summary
CVE-2024-56784 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by requiring timely remediation through application of kernel patches that add array bounds checks to prevent out-of-bounds memory corruption.
Implements memory protection safeguards such as bounds checking to protect against unauthorized out-of-bounds array writes causing memory corruption in the kernel.
Requires validation of information inputs like array indices passed to the drm/amd/display component to prevent invalid indices from triggering out-of-bounds access.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel memory corruption (OOB write) with low-priv access directly enables exploitation for privilege escalation to root via arbitrary code execution.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays in bound.
Deeper analysisAI
CVE-2024-56784 is a memory corruption vulnerability in the Linux kernel's drm/amd/display component, stemming from an out-of-bounds array index access. This flaw allows invalid array indices to trigger memory corruption, as documented in the kernel commit resolving it. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-787 (Out-of-bounds Write).
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact confidentiality, integrity, and availability violations, potentially leading to arbitrary code execution or system crashes via the memory corruption.
Kernel patches addressing the issue, available at https://git.kernel.org/stable/c/2c437d9a0b496168e1a1defd17b531f0a526dbe9 and https://git.kernel.org/stable/c/dff526dc3e27f5484f5ba11471b9fbbe681467f2, add explicit checks to ensure array indices remain within bounds, preventing the out-of-bounds access. Security practitioners should apply these stable kernel updates to affected systems.
Details
- CWE(s)