In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix potential out-of-bounds access in
‘amdgpu_discovery_reg_base_init()’ The issue arises when the array
‘adev->vcn.vcn_config’ is accessed before checking if the index
‘adev->vcn.num_vcn_inst’ is within the bounds of the array. The fix
involves moving the bounds check before the array access. This ensures that
‘adev->vcn.num_vcn_inst’ is within the bounds of the array before it is
used as an index. Fixes the below:
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289
amdgpu_discovery_reg_base_init() error: testing array offset
‘adev->vcn.num_vcn_inst’ after use.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1009.9 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < 6.8.0-1008.8 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gcp | < 6.8.0-1008.9 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-gcp-6.5 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < 6.8.0-1004.7 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-ibm | < 6.8.0-1006.6 | UNKNOWN |
ubuntu | 24.04 | noarch | linux-lowlatency | < 6.8.0-35.35.1 | UNKNOWN |
git.kernel.org/linus/cdb637d339572398821204a1142d8d615668f1e9 (6.9-rc1)
git.kernel.org/stable/c/8db10cee51e3e11a6658742465edc21986cf1e8d
git.kernel.org/stable/c/8f3e68c6a3fff53c2240762a47a0045d89371775
git.kernel.org/stable/c/b33d4af102b9c1f7a83d3f0ad3cab7d2bab8f058
git.kernel.org/stable/c/cdb637d339572398821204a1142d8d615668f1e9
launchpad.net/bugs/cve/CVE-2024-27042
nvd.nist.gov/vuln/detail/CVE-2024-27042
security-tracker.debian.org/tracker/CVE-2024-27042
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
ubuntu.com/security/notices/USN-6878-1
www.cve.org/CVERecord?id=CVE-2024-27042