7.8

CVE-2023-52812

drm/amd: check num of link levels when update pcie param

In the Linux kernel, the following vulnerability has been resolved:

drm/amd: check num of link levels when update pcie param

In SR-IOV environment, the value of pcie_table->num_of_link_levels will
be 0, and num_of_levels - 1 will cause array index out of bounds
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version11.0
LinuxLinux Kernel Version >= 5.19 < 6.1.119
LinuxLinux Kernel Version >= 6.2 < 6.5.13
LinuxLinux Kernel Version >= 6.6 < 6.6.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.173
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/09f617219fe9ccd8d7b65dc3e879b5889f663b5a
Patch
https://git.kernel.org/stable/c/2f2d48b6247ae3001f83c98730b3cce475cb2927
Patch
https://git.kernel.org/stable/c/406e8845356d18bdf3d3a23b347faf67706472ec
Patch
https://git.kernel.org/stable/c/5b4574b663d0a1a0a62d5232429b7db9ae6d0670
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Third Party Advisory
Mailing List