CVE-2024-49969

HIGH EPSS 18.9%
Published Oct 21, 20241y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Oct 21, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
18.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-129

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel* <5.10.227
linuxlinux_kernel*≥5.11  –  <5.15.168
linuxlinux_kernel*≥5.16  –  <6.1.113
linuxlinux_kernel*≥6.2  –  <6.6.55
linuxlinux_kernel*≥6.7  –  <6.10.14
linuxlinux_kernel*≥6.11  –  <6.11.3

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0f1e222a4b41d77c442901d166fbdca967af0d86
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/578422ddae3d13362b64e77ef9bab98780641631
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ab69af56a23859b647dee69fa1052c689343621
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/929506d5671419cffd8d01e9a7f5eae53682a838
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b9d8b94ec7e67f0cae228c054f77b73967c389a3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c13f9c62015c56a938304cef6d507227ea3e0039
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d81873f9e715b72d4f8d391c8eb243946f784dfc
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0f1e222a4b41d77c442901d166fbdca967af0d86
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/578422ddae3d13362b64e77ef9bab98780641631
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ab69af56a23859b647dee69fa1052c689343621
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/929506d5671419cffd8d01e9a7f5eae53682a838
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b9d8b94ec7e67f0cae228c054f77b73967c389a3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c13f9c62015c56a938304cef6d507227ea3e0039
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d81873f9e715b72d4f8d391c8eb243946f784dfc
    Patch