Linux Kernel up to 6.7.5 dsc memory corruption

Summaryinfo

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.7.5. This issue affects some unknown processing of the component dsc. Performing a manipulation results in memory corruption. This vulnerability is reported as CVE-2024-26721. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Linux Kernel up to 6.7.5. It has been classified as critical. This affects an unknown functionality of the component dsc. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") defines a new macro to calculate the DSC PPS register addresses with PPS number as an input. This macro correctly calculates the addresses till PPS 11 since the addresses increment by 4. So in that case the following macro works correctly to give correct register address: _MMIO(_DSCA_PPS_0 + (pps) * 4) However after PPS 11, the register address for PPS 12 increments by 12 because of RC Buffer memory allocation in between. Because of this discontinuity in the address space, the macro calculates wrong addresses for PPS 12 - 16 resulting into incorrect DSC PPS parameter value read/writes causing DSC corruption. This fixes it by correcting this macro to add the offset of 12 for PPS >=12. v3: Add correct paranthesis for pps argument (Jani Nikula) (cherry picked from commit 6074be620c31dc2ae11af96a1a5ea95580976fb5)

The advisory is shared at git.kernel.org. This vulnerability is uniquely identified as CVE-2024-26721 since 02/19/2024. The exploitability is told to be easy. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/03/2025).

Upgrading to version 6.7.6 or 6.8 eliminates this vulnerability. Applying the patch ff5999fb03f4/962ac2dce56b is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2024-0773). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• IBM InfoSphere Guardium
• Oracle Linux
• NetApp FAS
• EMC Avamar
• Oracle VM
• NetApp AFF
• Dell NetWorker
• IBM Security Guardium
• RESF Rocky Linux
• Open Source Linux Kernel
• SolarWinds Security Event Manager
• Broadcom Brocade SANnav
• IBM Business Automation Workflow
• IBM Spectrum Protect Plus
• IBM QRadar SIEM
• Juniper Junos Space
• IBM DB2
• IBM Storage Scale System

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.7.0
• 6.7.1
• 6.7.2
• 6.7.3
• 6.7.4
• 6.7.5

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion