CVE-2024-40988: drm/radeon: fix UBSAN warning in kv_dpm.c

Published Jul 12, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

drm/radeon: fix UBSAN warning in kvdpm.c

Adds bounds check for sumovidmappingentry.

Other sources

Linux Kernel is vulnerable to a denial of service, caused by UBSAN Warning in Kvdpm.C. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

25 affected componentsFixes available
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
redhat/kernel<4.19.317
4.19.317
redhat/kernel<5.4.279
5.4.279
redhat/kernel<5.10.221
5.10.221
redhat/kernel<5.15.162
5.15.162
redhat/kernel<6.1.96
6.1.96
redhat/kernel<6.6.36
6.6.36
redhat/kernel<6.9.7
6.9.7
redhat/kernel<6.10
6.10
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
Linux Linux kernel<4.19.317
Linux Linux kernel>=4.20<5.4.279
Linux Linux kernel>=5.5<5.10.221
Linux Linux kernel>=5.11<5.15.162
Linux Linux kernel>=5.16<6.1.96
Linux Linux kernel>=6.2<6.6.36
Linux Linux kernel>=6.7<6.9.7
Linux Linux kernel=6.10-rc1
Linux Linux kernel=6.10-rc2
Linux Linux kernel=6.10-rc3
Linux Linux kernel=6.10-rc4

Remediation

Patch Available

https://git.kernel.org/stable/c/07e8f15fa16695cf4c90e89854e59af4a760055b

Patch Available

https://git.kernel.org/stable/c/468a50fd46a09bba7ba18a11054ae64b6479ecdc

Patch Available

https://git.kernel.org/stable/c/9e57611182a817824a17b1c3dd300ee74a174b42

Patch Available

https://git.kernel.org/stable/c/a498df5421fd737d11bfd152428ba6b1c8538321

Patch Available

https://git.kernel.org/stable/c/a8c6df9fe5bc390645d1e96eff14ffe414951aad

Patch Available

https://git.kernel.org/stable/c/cf1cc8fcfe517e108794fb711f7faabfca0dc855

Patch Available

https://git.kernel.org/stable/c/f803532bc3825384100dfc58873e035d77248447

Patch Available

https://git.kernel.org/stable/c/febe794b83693257f21a23d2e03ea695a62449c8

Event History

Jul 12, 2024
CVE Published
via MITRE·12:37 PM
Data Sourced
via MITRE·12:37 PM
Description
Data Sourced
via NVD·01:15 PM
Description
Data Sourced
via NVD·01:15 PM
RemedySeverityWeaknessAffected Software
Apr 27, 2025
Data Sourced
via Ubuntu·06:15 PM
RemedyDescriptionSeverityAffected Software
Jun 2, 57735
Event
via NVD·03:28 AM

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-40988?

CVE-2024-40988 has been classified as a moderate severity vulnerability.

2

How do I fix CVE-2024-40988?

To fix CVE-2024-40988, upgrade your Linux kernel to one of the following versions: 4.19.317, 5.4.279, 5.10.221, 5.15.162, 6.1.96, 6.6.36, 6.9.7, 6.10, or any patched Debian Linux versions.

3

Which Linux kernel versions are affected by CVE-2024-40988?

CVE-2024-40988 affects multiple versions of the Linux kernel prior to the prescribed remedial updates.

4

Is there a workaround for CVE-2024-40988?

Currently, no specific workaround is mentioned for CVE-2024-40988 other than applying the recommended updates.

5

What impact does CVE-2024-40988 have on system performance?

CVE-2024-40988 primarily addresses a bounds checking issue that could potentially lead to system instability, but does not inherently affect system performance.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203