| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024102119-CVE-2024-49895-b244@gregkh> Date: Mon, 21 Oct 2024 20:01:43 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max The Linux kernel CVE team has assigned CVE-2024-49895 to this issue. Affected and fixed versions =========================== Fixed in 5.10.227 with commit ad89f83343a5 Fixed in 5.15.168 with commit de6ee4f9e6b1 Fixed in 6.1.113 with commit f3ccd855b439 Fixed in 6.6.55 with commit 0d38a0751143 Fixed in 6.10.14 with commit f5c3d306de91 Fixed in 6.11.3 with commit c4fdc2d6fea1 Fixed in 6.12-rc1 with commit bc50b614d599 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-49895 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ad89f83343a501890cf082c8a584e96b59fe4015 https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e https://git.kernel.org/stable/c/f3ccd855b4395ce65f10dd37847167f52e122b70 https://git.kernel.org/stable/c/0d38a0751143afc03faef02d55d31f70374ff843 https://git.kernel.org/stable/c/f5c3d306de91a4b69cfe3eedb72b42d452593e42 https://git.kernel.org/stable/c/c4fdc2d6fea129684b82bab90bb52fbace494a58 https://git.kernel.org/stable/c/bc50b614d59990747dd5aeced9ec22f9258991ff
Powered by blists - more mailing lists