CVE-2024-46813

EPSS 0.02%
Veröffentlicht 27.09.2024 13:15:14
Zuletzt bearbeitet 10.04.2025 13:15:45
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check link_index before accessing dc->links[]

[WHY & HOW]
dc->links[] has max size of MAX_LINKS and NULL is return when trying to
access with out-of-bound index.

This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.10.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.026

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/8aa2864044b9d13e95fe224f32e808afbf79ecdf

Patch

https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782

Patch

https://git.kernel.org/stable/c/032c5407a608ac3b2a98bf4fbda27d12c20c5887

https://nvd.nist.gov/vuln/detail/CVE-2024-46813

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-46813

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-46813

EUVD