CVE-2021-47348

2024-05-2100:00:00

ubuntu.com

linux kernel

vulnerability

drm/amd/display

hdcp

over-read

corruption

code fix

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

Confidence

High

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the
desired 5 bytes of the actual target field, the code was reading 8. This
could result in a corrupted value if the trailing 3 bytes were non-zero, so
instead use an appropriately sized and zero-initialized bounce buffer, and
read only 5 bytes before casting to u64.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu20.04noarchlinux-bluefield< anyUNKNOWN
ubuntu20.04noarchlinux-gcp< anyUNKNOWN
ubuntu20.04noarchlinux-gkeop< anyUNKNOWN
ubuntu20.04noarchlinux-ibm< anyUNKNOWN
ubuntu20.04noarchlinux-iot< anyUNKNOWN
ubuntu20.04noarchlinux-kvm< anyUNKNOWN
ubuntu20.04noarchlinux-oracle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	20.04	noarch	linux-bluefield	< any	UNKNOWN
ubuntu	20.04	noarch	linux-gcp	< any	UNKNOWN
ubuntu	20.04	noarch	linux-gkeop	< any	UNKNOWN
ubuntu	20.04	noarch	linux-ibm	< any	UNKNOWN
ubuntu	20.04	noarch	linux-iot	< any	UNKNOWN
ubuntu	20.04	noarch	linux-kvm	< any	UNKNOWN
ubuntu	20.04	noarch	linux-oracle	< any	UNKNOWN