7.8
CVE-2024-46814
- EPSS 0.25%
- Veröffentlicht 27.09.2024 13:15:14
- Zuletzt bearbeitet 03.11.2025 23:16:03
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
drm/amd/display: Check msg_id before processing transcation
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.10.226
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.167
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.109
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.50
Linux ≫ Linux Kernel Version >= 6.7 < 6.10.9
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.158 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8
https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755
https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4
https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2
https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316
https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html