| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024091835-CVE-2024-46724-02f5@gregkh> Date: Wed, 18 Sep 2024 08:32:41 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-46724: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error The Linux kernel CVE team has assigned CVE-2024-46724 to this issue. Affected and fixed versions =========================== Fixed in 5.10.226 with commit 725b728cc0c8 Fixed in 5.15.167 with commit 45f7b02afc46 Fixed in 6.1.109 with commit 32915dc909ff Fixed in 6.6.50 with commit f9267972490f Fixed in 6.10.9 with commit db7a86676fd6 Fixed in 6.11 with commit d768394fa994 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-46724 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/amd/amdgpu/df_v1_7.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4 https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815 https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1 https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4 https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa
Powered by blists - more mailing lists