Impact
The Linux kernel's AMD display driver uses values from the VBIOS integrated information tables as loop bounds when copying HDMI retimer register settings into fixed‑size arrays. Because the HdmiRegNum and Hdmi6GRegNum fields are unsigned bytes that can hold values up to 255 and are not validated, a maliciously crafted VBIOS can cause the copy loops to exceed the array bounds, producing an out‑of‑bounds heap write during driver probe. This flaw involves CWE‑1284 (Incorrect Bounds Check). The resulting memory corruption can lead to privilege escalation or denial of service by executing arbitrary code in kernel mode.
Affected Systems
The vulnerability affects any Linux kernel that includes the drm/amd/display driver and that loads a VBIOS which supplies oversized register counts. The specific kernel release is not given, but the issue existed before the commit that introduced the clamp and is fixed in later releases.
Risk and Exploitability
While the EPSS score is reported as less than 1% and the vulnerability is not listed in the CISA KEV catalog, the nature of the flaw—a heap buffer overflow in kernel space—suggests a high potential impact. The required conditions, such as installing a malformed VBIOS during boot or driver initialization, indicate that the attack vector is likely local and requires privileged or physical access to the system. The lack of public exploits does not negate the risk of a future or targeted attack.
OpenCVE Enrichment
Debian DLA