AZL-54268
See a problem?- Import Source
- https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54268.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/AZL-54268
- Upstream
- Published
- 2024-12-02T14:15:11Z
- Modified
- 2026-04-01T05:16:40.220163Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- CVE-2024-53108 affecting package kernel for versions less than 6.6.64.2-1
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Adjust VSDB parser for replay feature
At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN:
[ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpudmupdatefreesynccaps+0xefa/0x17a0 [amdgpu] [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383
...
[ 27.821207] Memory state around the buggy address: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ==================================================================
This is caused because the ID extraction happens outside of the range of the edid lenght. This commit addresses this issue by considering the amdvsdbblock size.
(cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8)
- References