CVE-2024-46722 Overview
CVE-2024-46722 is an out-of-bounds read vulnerability in the Linux kernel's drm/amdgpu graphics driver. The flaw resides in the handling of the mc_data array, where the kernel may read mc_data[i-1] outside the intended bounds of the buffer. The issue is tracked under [CWE-125: Out-of-bounds Read] and was resolved through a series of upstream kernel commits. Local authenticated users on systems running affected Linux kernel versions with AMD GPU hardware can trigger the condition. Successful exploitation can disclose adjacent kernel memory contents or crash the kernel, impacting confidentiality and availability of the host.
Critical Impact
A local attacker with low privileges can trigger an out-of-bounds read in the amdgpu driver, potentially leaking kernel memory or causing a denial-of-service condition on affected Linux systems.
Affected Products
- Linux Kernel (multiple stable branches prior to the fix commits)
- Linux distributions shipping the affected kernel, including Debian LTS
- Systems using the AMD GPU (amdgpu) Direct Rendering Manager driver
Discovery Timeline
- 2024-09-18 - CVE-2024-46722 published to the National Vulnerability Database
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2024-46722
Vulnerability Analysis
The vulnerability is an out-of-bounds read in the AMD GPU Direct Rendering Manager (DRM) driver drm/amdgpu within the Linux kernel. According to the upstream commit message, a loop in the driver accesses mc_data[i-1] without sufficient guarantee that the index i-1 falls within the valid range of the mc_data array. When the iterator i is at its lower boundary, the back-reference dereferences memory preceding the array.
Reading memory outside the intended buffer can disclose adjacent kernel data structures to the calling context. Depending on the surrounding allocator layout, the read may also reference unmapped memory and trigger a kernel oops, halting GPU-dependent workloads. The fix clears the compiler warning and constrains the index access so that the back-reference is performed only when i is greater than zero.
Root Cause
The root cause is missing bounds validation on the back-index i-1 when iterating over the mc_data array in the amdgpu driver. The code path assumed the iterator had advanced past the first element before performing the back-reference, but no explicit guard existed. This is a classic [CWE-125] out-of-bounds read pattern stemming from implicit loop preconditions.
Attack Vector
Exploitation requires local access with low privileges on a Linux system that loads the amdgpu driver. No user interaction is required. An attacker invokes the affected code path through standard DRM interfaces exposed by the kernel to userspace processes that interact with the GPU. The vulnerability does not provide a write primitive, so impact is limited to information disclosure of kernel memory and potential availability loss through kernel faults. Because the vector is local and tied to GPU driver interaction, remote exploitation is not in scope. Refer to the upstream commits in the Linux kernel stable tree for the specific code paths corrected by the fix.
Detection Methods for CVE-2024-46722
Indicators of Compromise
- Kernel ring buffer entries (dmesg) referencing amdgpu, mc_data, or DRM subsystem oops messages
- Unexpected GPU driver crashes or process hangs on hosts with AMD graphics hardware
- KASAN (Kernel Address Sanitizer) reports flagging out-of-bounds reads inside amdgpu functions
Detection Strategies
- Inventory all Linux hosts and identify kernel versions that predate the fix commits listed in the kernel.org stable tree.
- Correlate installed kernel package versions against vendor advisories such as the Debian LTS Announcement and the January 2025 Debian LTS Announcement.
- Enable KASAN in test environments to surface out-of-bounds reads in amdgpu code paths during regression testing.
Monitoring Recommendations
- Forward /var/log/kern.log and journalctl -k output to a centralized log platform and alert on amdgpu oops or BUG signatures.
- Track package update compliance for linux-image-* across the fleet to confirm patched kernels are deployed.
- Monitor for unexpected reboots or GPU-driven workload failures on hosts that expose DRM interfaces to untrusted local users.
How to Mitigate CVE-2024-46722
Immediate Actions Required
- Apply the latest stable Linux kernel update from your distribution that includes the upstream fix commits.
- Prioritize multi-tenant systems and shared workstations where local users can interact with the amdgpu driver.
- Restrict local shell access on affected hosts until patched kernels are installed and the system has been rebooted.
Patch Information
The Linux kernel maintainers resolved CVE-2024-46722 across multiple stable branches. Reference commits include 345bd3ad387f, 2097edede72e, 310b9d8363b8, 51dfc0a4d609, 578ae965e8b9, 5fa4df25ecfc, b862a0bc5356, and d0a43bf367ed. Debian users should consult the Debian LTS Announcement for distribution-specific package versions.
Workarounds
- Unload the amdgpu kernel module on systems that do not require AMD GPU functionality until a patched kernel is installed.
- Limit local login access to trusted administrators on hosts with AMD graphics hardware.
- Where supported, blocklist the amdgpu module via /etc/modprobe.d/ configuration on servers that do not need GPU acceleration.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
