CVE-2024-27045

EPSS 0.02%
Published 01.05.2024 13:15:49
Last modified 23.12.2024 19:13:59
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'

Tell snprintf() to store at most 10 bytes in the output buffer
instead of 30.

Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.9 < 5.10.214

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.153

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.83

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.23

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.11

Linux ≫ Linux Kernel Version >= 6.8 < 6.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.02

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Patch

https://git.kernel.org/stable/c/440f059837418fac1695b65d3ebc6080d33be877

Patch

https://git.kernel.org/stable/c/4b09715f1504f1b6e8dff0e9643630610bc05141

Patch

https://git.kernel.org/stable/c/ad76fd30557d6a106c481e4606a981221ca525f7

Patch

https://git.kernel.org/stable/c/cf114d8d4a8d78df272116a745bb43b48cef65f4

Patch

https://git.kernel.org/stable/c/d346b3e5b25c95d504478507eb867cd3818775ab

Patch