CVE-2024-38552

2024-06-1914:15:15

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

vulnerability

fixed

drm/amd/display

color transformation

function

index out of bounds

issue

transfer function points

error message

buffer overflow

smatch

amdgpu

dcn10

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix potential index out of bounds in color transformation function

Fixes index out of bounds issue in the color transformation function.
The issue could occur when the index ‘i’ exceeds the number of transfer
function points (TRANSFER_FUNC_POINTS).

The fix adds a check to ensure ‘i’ is within bounds before accessing the
transfer function points. If ‘i’ is out of bounds, an error message is
logged and the function returns false to indicate an error.

Reported by smatch:
drivers/gpu/drm/amd/amdgpu/…/display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: buffer overflow ‘output_tf->tf_pts.red’ 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/…/display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: buffer overflow ‘output_tf->tf_pts.green’ 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/…/display/dc/dcn10/dcn10_cm_common.c:407 cm_helper_translate_curve_to_hw_format() error: buffer overflow ‘output_tf->tf_pts.blue’ 1025 <= s32max

Affected configurations

Vulners

Node

linuxlinux_kernelRange4.16–4.19.316

linuxlinux_kernelRange4.20.0–5.4.278

linuxlinux_kernelRange5.5.0–5.10.219

linuxlinux_kernelRange5.11.0–5.15.161

linuxlinux_kernelRange5.16.0–6.1.93

linuxlinux_kernelRange6.2.0–6.6.33

linuxlinux_kernelRange6.7.0–6.8.12

linuxlinux_kernelRange6.9.0–6.9.3

linuxlinux_kernelRange6.10.0–6.10-rc1

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
    ],
    "versions": [
      {
        "version": "b629596072e5",
        "lessThan": "604c506ca43f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b629596072e5",
        "lessThan": "e280ab978c81",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b629596072e5",
        "lessThan": "04bc4d1090c3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b629596072e5",
        "lessThan": "ced9c4e2289a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b629596072e5",
        "lessThan": "98b8a6bfd30d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b629596072e5",
        "lessThan": "4e8c8b37ee84",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b629596072e5",
        "lessThan": "123edbae64f4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b629596072e5",
        "lessThan": "7226ddf3311c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "b629596072e5",
        "lessThan": "63ae548f1054",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c"
    ],
    "versions": [
      {
        "version": "4.16",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.16",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.316",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.278",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.219",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.161",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.93",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.33",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.12",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.3",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10-rc1",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]