CVE-2024-46814

EPSS 0.01%
Published 27.09.2024 13:15:14
Last modified 03.11.2025 23:16:03
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Check msg_id before processing transcation

[WHY & HOW]
HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid
array index, and it needs checking before used.

This fixes 4 OVERRUN issues reported by Coverity.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.10.226

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.167

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.109

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.50

Linux ≫ Linux Kernel Version >= 6.7 < 6.10.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.012

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/0147505f08220c89b3a9c90eb608191276e263a8

Patch

https://git.kernel.org/stable/c/6590643c5de74098d27933b7d224d5ac065d7755

Patch

https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4

Patch

https://git.kernel.org/stable/c/cb63090a17d3abb87f132851fa3711281249b7d2

Patch

https://git.kernel.org/stable/c/fa71face755e27dc44bc296416ebdf2c67163316

Patch

https://git.kernel.org/stable/c/fe63daf7b10253b0faaa60c55d6153cd276927aa

Patch