CVE-2024-26660
drm/amd/display: Implement bounds check for stream encoder creation in DCN301
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers
structures. The array is initialized with four elements, corresponding
to the four calls to stream_enc_regs() in the array initializer. This
means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that
there is an attempt to access this array with an index of 5, which is
out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If
eng_id is 5, this would result in an out-of-bounds access on the
stream_enc_regs array. Thus fixing Buffer overflow error in dcn301_stream_encoder_create
reported by Smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: implementar la verificación de los límites para la creación del codificador de flujo en la matriz DCN301 'stream_enc_regs' es una matriz de estructuras dcn10_stream_enc_registers. La matriz se inicializa con cuatro elementos, correspondientes a las cuatro llamadas a stream_enc_regs() en el inicializador de la matriz. Esto significa que los índices válidos para esta matriz son 0, 1, 2 y 3. El mensaje de error 'stream_enc_regs' 4 <= 5 a continuación indica que hay un intento de acceder a esta matriz con un índice de 5, que no está disponible. de los límites. Esto podría provocar un comportamiento indefinido. Aquí, eng_id se utiliza como índice para acceder a la matriz stream_enc_regs. Si eng_id es 5, esto daría como resultado un acceso fuera de los límites en la matriz stream_enc_regs. Solucionando así el error de desbordamiento de búfer en dcn301_stream_encoder_create informado por Smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: desbordamiento de búfer 'stream_enc_regs' 4 <= 5
A vulnerability was found in the DRM/AMD/Display module of the Linux Kernel. An out-of-bounds access exists in the 'stream_enc_regs' array within DCN301, while accessing the array with 'eng_id,’ could lead to an out-of-bounds access beyond its four-element size, which can cause a system crash.
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in dcn301_stream_encoder_create reported by Smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-04-02 CVE Published
- 2024-04-02 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/3a83e4e64bb1522ddac67ffc787d1c38291e1a65 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-26660 | 2024-11-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2272782 | 2024-11-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.149" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 6.1.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.1.78" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 6.6.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.6.17" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 6.7.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.7.5" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.11 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.8" | en |
Affected
| ||||||