Login Sign Up

CVE-2024-42117

7.8 HIGH

📋 TL;DR

This CVE addresses a Linux kernel vulnerability in AMD display driver functions that could lead to memory corruption. When the driver fails to find valid array indices for plane/stream IDs, it previously returned -1, which could cause buffer overruns or negative array indexing. This affects Linux systems with AMD graphics hardware using the vulnerable kernel driver.

💻 Affected Systems

Products:
  • Linux kernel with AMD display driver (drm/amd/display)
Versions: Linux kernel versions containing the vulnerable code before the fix commits
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD graphics hardware and the affected display driver module to be loaded.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic, system crash, or potential local privilege escalation leading to full system compromise.

🟠

Likely Case

System instability, display corruption, or kernel crashes requiring reboot.

🟢

If Mitigated

Minimal impact with proper kernel hardening and privilege separation in place.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger the specific display driver functions. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 01eb50e53c1ce505bf449348d433181310288765 and a9c047a5cf3135b8b66bd28fbe2c698b9cace0b3

Vendor Advisory: https://git.kernel.org/stable/c/01eb50e53c1ce505bf449348d433181310288765

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load patched kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable AMD display driver module

linux

Prevent loading of the vulnerable driver module

echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot

🧯 If You Can't Patch

  • Restrict local user access to systems with AMD graphics hardware
  • Implement kernel hardening features like SELinux/AppArmor to limit impact

🔍 How to Verify

Check if Vulnerable:

Check if running kernel contains the vulnerable code by examining kernel version and commit history

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits: 01eb50e53c1ce505bf449348d433181310288765 and a9c047a5cf3135b8b66bd28fbe2c698b9cace0b3

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • AMDGPU driver crash logs
  • System crash/reboot events

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "BUG") AND "amdgpu"

📊 Metadata

CVE ID: CVE-2024-42117
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-129
Published: July 30, 2024
Last Updated: September 26, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-42117, you might also want to check these:

CVE-2020-27483 9.9

This vulnerability in Garmin Forerunner 235 devices allows attackers to potentially execute arbitrar...

Same vulnerability type (CWE-129)
CVE-2020-27485 9.9

This vulnerability in Garmin Forerunner 235 devices allows malicious ConnectIQ store applications to...

Same vulnerability type (CWE-129)
CVE-2021-38563 9.8

This vulnerability in Foxit PDF software allows attackers to trigger memory corruption through malfo...

Same vulnerability type (CWE-129)