CVE-2024-46773 in Linuxinfo

Summary

by MITRE • 09/18/2024

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check denominator pbn_div before used

[WHAT & HOW]
A denominator cannot be 0, and is checked before used.

This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/06/2026

The vulnerability identified as CVE-2024-46773 resides within the Linux kernel's drm/amd/display subsystem, specifically addressing a critical divide-by-zero condition that could potentially compromise system stability and security. This issue manifests in the display management component responsible for handling AMD graphics hardware configurations. The vulnerability occurs when the kernel attempts to perform arithmetic operations using a denominator value that has not been properly validated, creating an exploitable condition that could lead to system crashes or unauthorized access to kernel memory regions.

The technical flaw represents a classic software engineering error where input validation fails to properly check for zero values before mathematical operations are executed. In this particular case, the pbn_div parameter which serves as a denominator in display bandwidth calculations is not adequately validated before being used in division operations. This type of vulnerability falls under the CWE-369 weakness category, specifically representing a divide-by-zero condition that occurs when a program attempts to divide a number by zero, leading to potential system instability or denial of service conditions. The vulnerability was identified through static analysis tools like Coverity, which detected the improper handling of division operations that could result in arithmetic exceptions.

The operational impact of this vulnerability extends beyond simple system crashes, as it represents a potential pathway for attackers to exploit kernel memory management functions. When a division by zero occurs in kernel space, it typically results in a kernel panic or system crash that can be leveraged to cause denial of service attacks against critical systems. The AMD display subsystem is particularly sensitive to such conditions since it manages real-time display bandwidth allocation and hardware resource management, making this vulnerability potentially dangerous in environments where stable display operations are critical. According to ATT&CK framework, this vulnerability could be categorized under T1499.004 (Endpoint Denial of Service) and potentially T1068 (Exploitation for Privilege Escalation) if the kernel memory corruption could be exploited further.

Mitigation strategies for CVE-2024-46773 focus on implementing proper input validation and error handling within the kernel's display management code. The fix involves adding a pre-division check to ensure that the pbn_div denominator value is non-zero before any arithmetic operations are performed. This approach aligns with secure coding practices that emphasize defensive programming techniques and proper validation of all inputs to kernel functions. System administrators should prioritize applying the patched kernel version that includes this fix, particularly in production environments where AMD graphics hardware is deployed. The resolution demonstrates the importance of comprehensive static analysis in kernel security, as the Coverity tool was instrumental in identifying this vulnerability before it could be exploited in the wild. Organizations should also implement monitoring for system stability indicators and ensure that kernel updates are applied promptly to address similar vulnerabilities that may exist in other subsystems.

Responsible

Linux

Reservation

09/11/2024

Disclosure

09/18/2024

Moderation

accepted

CPE

ready

EPSS

0.00239

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!