CVE-2024-26914

EPSS 0.04%
Published 17.04.2024 16:15:08
Last modified 16.09.2025 16:40:00
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: fix incorrect mpc_combine array size

[why]
MAX_SURFACES is per stream, while MAX_PLANES is per asic. The
mpc_combine is an array that records all the planes per asic. Therefore
MAX_PLANES should be used as the array size. Using MAX_SURFACES causes
array overflow when there are more than 3 planes.

[how]
Use the MAX_PLANES for the mpc_combine array size.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.15 < 6.7.6

Linux ≫ Linux Kernel Version6.8 Updaterc1

Linux ≫ Linux Kernel Version6.8 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.099

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/0bd8ef618a42d7e6ea3f701065264e15678025e3

Patch

https://git.kernel.org/stable/c/39079fe8e660851abbafa90cd55cbf029210661f

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-26914

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26914

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26914

EUVD