CVE-2024-46818

drm/amd/display: Check gpio_id before used as array index

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790 patch
https://git.kernel.org/stable/c/40c2e8bc117cab8bca8814735f28a8b121654a84 patch
https://git.kernel.org/stable/c/0184cca30cad74d88f5c875d4e26999e26325700 patch
https://git.kernel.org/stable/c/276e3fd93e3beb5894eb1cc8480f9f417d51524d patch
https://git.kernel.org/stable/c/08e7755f754e3d2cef7d3a7da538d33526bd6f7c patch
https://git.kernel.org/stable/c/3d4198ab612ad48f73383ad3bb5663e6f0cdf406 patch
https://git.kernel.org/stable/c/2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 patch

Frequently Asked Questions

What is the severity of CVE-2024-46818?
CVE-2024-46818 has been scored as a high severity vulnerability.
How to fix CVE-2024-46818?
To fix CVE-2024-46818, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46818 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46818 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46818?
CVE-2024-46818 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.