CVE-2024-52557

EPSS 0.04%
Veröffentlicht 27.02.2025 03:15:10
Zuletzt bearbeitet 01.10.2025 20:17:16
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()

This patch fixes a potential integer overflow in the zynqmp_dp_rate_get()

The issue comes up when the expression
drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using 32-bit
Now the constant is a compatible 64-bit type.

Resolves coverity issues: CID 1636340 and CID 1635811

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.11

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/325d889c5403ba20a24097f64c32d27ab993c2c3

Patch

https://git.kernel.org/stable/c/67a615c5cb6dc33ed35492dc0d67e496cbe8de68

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-52557

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-52557

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-52557

EUVD