7.8

CVE-2024-46871

drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX

[Why & How]
It actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller
number to create array dmub_callback & dmub_thread_offload has potential to access
item out of array bound. Fix it.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version11.0
LinuxLinux Kernel Version >= 4.15 < 5.15.174
LinuxLinux Kernel Version >= 5.16 < 6.1.109
LinuxLinux Kernel Version >= 6.2 < 6.6.50
LinuxLinux Kernel Version >= 6.7 < 6.10.9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.117
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37
Patch
https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7
Patch
https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0
Patch
https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98
Patch
https://git.kernel.org/stable/c/e1896f381d27466c26cb44b4450eae05cd59dfd0
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Third Party Advisory
Mailing List