7.8

CVE-2024-49895

drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation

This commit addresses a potential index out of bounds issue in the
`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30
color  management module. The issue could occur when the index 'i'
exceeds the  number of transfer function points (TRANSFER_FUNC_POINTS).

The fix adds a check to ensure 'i' is within bounds before accessing the
transfer function points. If 'i' is out of bounds, the function returns
false to indicate an error.

Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.10.227
LinuxLinux Kernel Version >= 5.11 < 5.15.168
LinuxLinux Kernel Version >= 5.16 < 6.1.113
LinuxLinux Kernel Version >= 6.2 < 6.6.55
LinuxLinux Kernel Version >= 6.7 < 6.10.14
LinuxLinux Kernel Version >= 6.11 < 6.11.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.187
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/0d38a0751143afc03faef02d55d31f70374ff843
Patch
https://git.kernel.org/stable/c/ad89f83343a501890cf082c8a584e96b59fe4015
Patch
https://git.kernel.org/stable/c/bc50b614d59990747dd5aeced9ec22f9258991ff
Patch
https://git.kernel.org/stable/c/c4fdc2d6fea129684b82bab90bb52fbace494a58
Patch
https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e
Patch
https://git.kernel.org/stable/c/f3ccd855b4395ce65f10dd37847167f52e122b70
Patch
https://git.kernel.org/stable/c/f5c3d306de91a4b69cfe3eedb72b42d452593e42
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html