CVE-2024-26699

HIGH

Linux Kernel < 6.7.6 - Improper Array Index Validation

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr [Why] There is a potential memory access violation while iterating through array of dcn35 clks. [How] Limit iteration per array size.

References (2)

[Patch] https://git.kernel.org/stable/c/46806e59a87790760870d216f54951a5b4d545bc

[Patch] https://git.kernel.org/stable/c/ca400d8e0c1c9d79c08dfb6b7f966e26c8cae7fb

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-129

Status published

Products (3)

linux/Kernel 6.7.0 - 6.7.6linux

linux/linux_kernel 6.8 rc1 (4 CPE variants)

linux/linux_kernel < 6.7.6

Published Apr 03, 2024

Tracked Since Feb 18, 2026