7.8

CVE-2024-42120

drm/amd/display: Check pipe offset before setting vblank

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check pipe offset before setting vblank

pipe_ctx has a size of MAX_PIPES so checking its index before accessing
the array.

This fixes an OVERRUN issue reported by Coverity.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.15 < 5.10.222
LinuxLinux Kernel Version >= 5.11 < 5.15.163
LinuxLinux Kernel Version >= 5.16 < 6.1.98
LinuxLinux Kernel Version >= 6.2 < 6.6.39
LinuxLinux Kernel Version >= 6.7 < 6.9.9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.174
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329
Patch
https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6
Patch
https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1
Patch
https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6
Patch
https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4
Patch
https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html