CVE-2024-42228

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

Severity Score

6.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.
V2: To really improve the handling we would actually need to have a separate value of 0xffffffff.(Christian)

A vulnerability was found in the Linux kernel's amdgpu driver in the amdgpu_vce_ring_parse_cs() function where the size variable is initialized with a pointer that may not be properly set before use. This issue could lead to unpredictable behavior in the system.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate value of 0xffffffff.(Christian)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-30 CVE Reserved
2024-07-30 CVE Published
2024-12-19 CVE Updated
2025-03-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-457: Use of Uninitialized Variable

CAPEC

References (10)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8	2024-09-04
https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46	2024-09-04
https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15	2024-09-04
https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712	2024-09-04
https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144	2024-09-04
https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef	2024-07-11
https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440	2024-07-11
https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944	2024-04-26

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-42228	2024-11-12
https://bugzilla.redhat.com/show_bug.cgi?id=2303077	2024-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.321 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.321"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.283 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.283"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.225 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.225"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.166 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.166"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.108 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.108"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.39 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.39"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.10 Search vendor "Linux" for product "Linux Kernel" and version " < 6.10"		en		Affected