CVE-2024-26699 – This CVE-2024-26699 is an array index out-of-bo... (How to Fix)

Q: What is the severity of CVE-2024-26699?

CVE-2024-26699 has a CVSS score of 7.8 (HIGH). This CVE-2024-26699 is an array index out-of-bounds vulnerability in the AMD display driver (drm/amd/display) in the Linux kernel. It allows potential memory access violations when iterating through clock management arrays, which could lead to kernel crashes or privilege escalation. Systems running affected Linux kernel versions with AMD graphics hardware are vulnerable.

📋 TL;DR

This CVE-2024-26699 is an array index out-of-bounds vulnerability in the AMD display driver (drm/amd/display) in the Linux kernel. It allows potential memory access violations when iterating through clock management arrays, which could lead to kernel crashes or privilege escalation. Systems running affected Linux kernel versions with AMD graphics hardware are vulnerable.

💻 Affected Systems

Products:

Linux kernel with AMD display driver (drm/amd/display)

Versions: Linux kernel versions containing the vulnerable dcn35_clkmgr code (specific versions not specified in CVE, but patches available in stable branches)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires AMD graphics hardware and the affected display driver module to be loaded/used.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential privilege escalation to kernel mode allowing full system compromise.

🟠

Likely Case

System instability, crashes, or denial of service when the vulnerable display driver code path is triggered.

🟢

If Mitigated

Limited impact with proper kernel hardening and isolation, though crashes may still occur.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access or another exploit chain.

🏢 Internal Only: MEDIUM - Local users or compromised applications could potentially exploit this to crash systems or escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering the specific vulnerable code path in the display driver, which may require specific graphics operations or conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in Linux kernel stable branches (commits: 46806e59a87790760870d216f54951a5b4d545bc, ca400d8e0c1c9d79c08dfb6b7f966e26c8cae7fb)

Vendor Advisory: https://git.kernel.org/stable/c/46806e59a87790760870d216f54951a5b4d545bc

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable AMD display driver module

linux

Prevent loading of the vulnerable drm/amd/display module (not recommended for systems requiring AMD graphics)

echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

Restrict local user access and implement strict application control
Implement kernel hardening measures like SELinux/AppArmor to limit impact

🔍 How to Verify

Check if Vulnerable:

Check kernel version and whether AMD display driver is loaded: 'lsmod | grep amdgpu' and 'uname -r'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated to one containing the fix commits, and system remains stable during graphics operations

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages in /var/log/kern.log or dmesg
System crashes during display/graphics operations

Network Indicators:

None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("Oops" OR "general protection fault" OR "kernel panic") AND process="amdgpu"

📊 Metadata

CVE ID: CVE-2024-26699

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-129

Published: April 3, 2024

Last Updated: February 27, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-26699, you might also want to check these: