AZL-51852

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51852.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-51852

Upstream

CVE-2024-49970

Published

2024-10-21T18:15:17Z

Modified

2026-04-01T05:17:46.358298Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-49970 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Implement bounds check for stream encoder creation in DCN401

'streamencregs' array is an array of dcn10streamencregisters structures. The array is initialized with four elements, corresponding to the four calls to streamenc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3.

The error message 'streamencregs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior

Here, engid is used as an index to access the streamencregs array. If engid is 5, this would result in an out-of-bounds access on the streamencregs array.

Thus fixing Buffer overflow error in dcn401streamencoder_create

Found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn401/dcn401resource.c:1209 dcn401streamencodercreate() error: buffer overflow 'streamencregs' 4 <= 5

References

https://nvd.nist.gov/vuln/detail/CVE-2024-49970

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51852.json"