CVE-2024-49970

'streamencregs' array is an array of dcn10streamencregisters structures. The array is initialized with four elements, corresponding to the four calls to streamenc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3.

The error message 'streamencregs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior

Here, engid is used as an index to access the streamencregs array. If engid is 5, this would result in an out-of-bounds access on the streamencregs array.

Thus fixing Buffer overflow error in dcn401streamencoder_create

Found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn401/dcn401resource.c:1209 dcn401streamencodercreate() error: buffer overflow 'streamencregs' 4 <= 5

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c

Fixed

b219b46ad42df1dea9258788bcfea37181f3ccb2

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c

Fixed

bdf606810210e8e07a0cdf1af3c467291363b295

Affected versions

v4.*

v4.13

v4.13-rc6

v4.13-rc7

v4.14

v4.14-rc1

v4.14-rc2

v4.14-rc3

v4.14-rc4

v4.14-rc5

v4.14-rc6

v4.14-rc7

v4.14-rc8

v4.15

v4.15-rc1

v4.15-rc2

v4.15-rc3

v4.15-rc4

v4.15-rc5

v4.15-rc6

v4.15-rc7

v4.15-rc8

v4.15-rc9

v4.16

v4.16-rc1

v4.16-rc2

v4.16-rc3

v4.16-rc4

v4.16-rc5

v4.16-rc6

v4.16-rc7

v4.17

v4.17-rc1

v4.17-rc2

v4.17-rc3

v4.17-rc4

v4.17-rc5

v4.17-rc6

v4.17-rc7

v4.18

v4.18-rc1

v4.18-rc2

v4.18-rc3

v4.18-rc4

v4.18-rc5

v4.18-rc6

v4.18-rc7

v4.18-rc8

v4.19

v4.19-rc1

v4.19-rc2

v4.19-rc3

v4.19-rc4

v4.19-rc5

v4.19-rc6

v4.19-rc7

v4.19-rc8

v4.20

v4.20-rc1

v4.20-rc2

v4.20-rc3

v4.20-rc4

v4.20-rc5

v4.20-rc6

v4.20-rc7

v5.*

v5.0

v5.0-rc1

v5.0-rc2

v5.0-rc3

v5.0-rc4

v5.0-rc5

v5.0-rc6

v5.0-rc7

v5.0-rc8

v5.1

v5.1-rc1

v5.1-rc2

v5.1-rc3

v5.1-rc4

v5.1-rc5

v5.1-rc6

v5.1-rc7

v5.10

v5.10-rc1

v5.10-rc2

v5.10-rc3

v5.10-rc4

v5.10-rc5

v5.10-rc6

v5.10-rc7

v5.11

v5.11-rc1

v5.11-rc2

v5.11-rc3

v5.11-rc4

v5.11-rc5

v5.11-rc6

v5.11-rc7

v5.12

v5.12-rc1

v5.12-rc1-dontuse

v5.12-rc2

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v5.2

v5.2-rc1

v5.2-rc2

v5.2-rc3

v5.2-rc4

v5.2-rc5

v5.2-rc6

v5.2-rc7

v5.3

v5.3-rc1

v5.3-rc2

v5.3-rc3

v5.3-rc4

v5.3-rc5

v5.3-rc6

v5.3-rc7

v5.3-rc8

v5.4

v5.4-rc1

v5.4-rc2

v5.4-rc3

v5.4-rc4

v5.4-rc5

v5.4-rc6

v5.4-rc7

v5.4-rc8

v5.5

v5.5-rc1

v5.5-rc2

v5.5-rc3

v5.5-rc4

v5.5-rc5

v5.5-rc6

v5.5-rc7

v5.6

v5.6-rc1

v5.6-rc2

v5.6-rc3

v5.6-rc4

v5.6-rc5

v5.6-rc6

v5.6-rc7

v5.7

v5.7-rc1

v5.7-rc2

v5.7-rc3

v5.7-rc4

v5.7-rc5

v5.7-rc6

v5.7-rc7

v5.8

v5.8-rc1

v5.8-rc2

v5.8-rc3

v5.8-rc4

v5.8-rc5

v5.8-rc6

v5.8-rc7

v5.9

v5.9-rc1

v5.9-rc2

v5.9-rc3

v5.9-rc4

v5.9-rc5

v5.9-rc6

v5.9-rc7

v5.9-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.11.1

v6.11.2

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

{
    "vanir_signatures": [
        {
            "target": {
                "file": "drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.c"
            },
            "signature_version": "v1",
            "id": "CVE-2024-49970-74623817",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "29874151990390934342054048988910421409",
                    "59999419756697058385458819735744320405",
                    "292965156715792009294148803149192817620",
                    "139204661310909599469449602131610922069"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b219b46ad42df1dea9258788bcfea37181f3ccb2",
            "signature_type": "Line"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.c"
            },
            "signature_version": "v1",
            "id": "CVE-2024-49970-80d69ddf",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "29874151990390934342054048988910421409",
                    "59999419756697058385458819735744320405",
                    "292965156715792009294148803149192817620",
                    "139204661310909599469449602131610922069"
                ]
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bdf606810210e8e07a0cdf1af3c467291363b295",
            "signature_type": "Line"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.c",
                "function": "dcn401_stream_encoder_create"
            },
            "signature_version": "v1",
            "id": "CVE-2024-49970-d0fc66c6",
            "digest": {
                "length": 628.0,
                "function_hash": "334231775337622183325010879550782850056"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bdf606810210e8e07a0cdf1af3c467291363b295",
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.c",
                "function": "dcn401_stream_encoder_create"
            },
            "signature_version": "v1",
            "id": "CVE-2024-49970-e40bc76b",
            "digest": {
                "length": 628.0,
                "function_hash": "334231775337622183325010879550782850056"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b219b46ad42df1dea9258788bcfea37181f3ccb2",
            "signature_type": "Function"
        }
    ]
}

CVE-2024-49970

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Affected versions

v4.*

v5.*

v6.*

Database specific

Linux / Kernel

Package

Affected ranges