CVE-2024-49895

HIGH EPSS 18.9%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
18.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-129

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel* <5.10.227
linuxlinux_kernel*≥5.11  –  <5.15.168
linuxlinux_kernel*≥5.16  –  <6.1.113
linuxlinux_kernel*≥6.2  –  <6.6.55
linuxlinux_kernel*≥6.7  –  <6.10.14
linuxlinux_kernel*≥6.11  –  <6.11.3

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0d38a0751143afc03faef02d55d31f70374ff843
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad89f83343a501890cf082c8a584e96b59fe4015
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bc50b614d59990747dd5aeced9ec22f9258991ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4fdc2d6fea129684b82bab90bb52fbace494a58
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f3ccd855b4395ce65f10dd37847167f52e122b70
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f5c3d306de91a4b69cfe3eedb72b42d452593e42
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0d38a0751143afc03faef02d55d31f70374ff843
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ad89f83343a501890cf082c8a584e96b59fe4015
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bc50b614d59990747dd5aeced9ec22f9258991ff
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4fdc2d6fea129684b82bab90bb52fbace494a58
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f3ccd855b4395ce65f10dd37847167f52e122b70
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f5c3d306de91a4b69cfe3eedb72b42d452593e42
    Patch