CVE-2024-46731 – This CVE describes an out-of-bounds read vulner... (How to Fix)

Q: What is the severity of CVE-2024-46731?

CVE-2024-46731 has a CVSS score of 7.1 (HIGH). This CVE describes an out-of-bounds read vulnerability in the AMD GPU power management driver (drm/amd/pm) in the Linux kernel. An attacker could potentially read kernel memory beyond allocated bounds, which could lead to information disclosure or be used as part of a more complex attack chain. This affects Linux systems with AMD GPUs using the affected kernel versions.

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in the AMD GPU power management driver (drm/amd/pm) in the Linux kernel. An attacker could potentially read kernel memory beyond allocated bounds, which could lead to information disclosure or be used as part of a more complex attack chain. This affects Linux systems with AMD GPUs using the affected kernel versions.

💻 Affected Systems

Products:

Linux kernel with AMD GPU driver (drm/amd/pm)

Versions: Specific kernel versions containing the vulnerable code (check git commits for exact ranges)

Operating Systems: Linux distributions with affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with AMD GPUs using the kernel's AMD power management driver

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory disclosure leading to privilege escalation or system compromise through chained attacks

🟠

Likely Case

System crash/panic (kernel oops) or information disclosure about kernel memory layout

🟢

If Mitigated

No impact if patched or if exploit attempts are blocked by security controls

🌐 Internet-Facing: LOW - Requires local access to the system

🏢 Internal Only: MEDIUM - Local attackers could potentially exploit this to gain elevated privileges

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access to the system. Out-of-bounds read vulnerabilities typically require additional vulnerabilities for full exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the git commits referenced in the CVE

Vendor Advisory: https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b

Restart Required: Yes

Instructions:

1. Update Linux kernel to a version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable AMD GPU power management

linux

Temporarily disable the affected driver module to prevent exploitation

sudo modprobe -r amdgpu
echo 'blacklist amdgpu' | sudo tee /etc/modprobe.d/blacklist-amdgpu.conf

🧯 If You Can't Patch

Restrict local access to systems with AMD GPUs
Implement strict privilege separation and limit user access to kernel interfaces

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if AMD GPU driver is loaded: lsmod | grep amdgpu && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and contains the fix commits. Check dmesg for any out-of-bounds read errors.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages in dmesg/syslog
Out-of-bounds access warnings in kernel logs

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("oops" OR "out of bounds" OR "general protection fault")

📊 Metadata

CVE ID: CVE-2024-46731

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-125

Published: September 18, 2024

Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46731, you might also want to check these: