CVE-2024-46871

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller number to create array dmub_callback & dmub_thread_offload has potential to access item out of array bound. Fix it.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

23 Oct 2024, 16:10

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CWE CWE-129
First Time Linux linux Kernel
Linux
References () https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37 - () https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37 - Patch
References () https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7 - () https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7 - Patch
References () https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0 - () https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0 - Patch
References () https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98 - () https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98 - Patch

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Corrija el valor definido para AMDGPU_DMUB_NOTIFICATION_MAX [Por qué y cómo] En realidad, expone '6' tipos en la enumeración dmub_notification_type. No 5. El uso de un número menor para crear la matriz dmub_callback y dmub_thread_offload tiene el potencial de acceder a un elemento fuera del límite de la matriz. Arréglelo.

09 Oct 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-09 14:15

Updated : 2024-10-23 16:10


NVD link : CVE-2024-46871

Mitre link : CVE-2024-46871

CVE.ORG link : CVE-2024-46871


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-129

Improper Validation of Array Index