OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi_14_process_transaction() The hdcp_i2c_offsets[] array did not have an entry for HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one read overflow. I added an entry and copied the 0x0 value for the offset from similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. I also declared several of these arrays as having HDCP_MESSAGE_ID_MAX entries. This doesn't change the code, but it's just a belt and suspenders approach to try future proof the code.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7
https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138
https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5
https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1
https://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47046-3ffe@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2021-47046
https://www.cve.org/CVERecord?id=CVE-2021-47046

History

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-28T08:13:50.320Z

Updated: 2024-11-04T11:58:22.611Z

Reserved: 2024-02-27T18:42:55.970Z

Link: CVE-2021-47046

Vulnrichment

Updated: 2024-08-04T05:24:39.795Z

NVD

Status : Awaiting Analysis

Published: 2024-02-28T09:15:40.277

Modified: 2024-11-21T06:35:15.473

Link: CVE-2021-47046

Redhat

Severity : Moderate

Publid Date: 2024-02-28T00:00:00Z

Links: CVE-2021-47046 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47046", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.970Z", "datePublished": "2024-02-28T08:13:50.320Z", "dateUpdated": "2024-11-04T11:58:22.611Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:58:22.611Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix off by one in hdmi_14_process_transaction()\n\nThe hdcp_i2c_offsets[] array did not have an entry for\nHDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one\nread overflow. I added an entry and copied the 0x0 value for the offset\nfrom similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.\n\nI also declared several of these arrays as having HDCP_MESSAGE_ID_MAX\nentries. This doesn't change the code, but it's just a belt and\nsuspenders approach to try future proof the code."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c"], "versions": [{"version": "4c283fdac08a", "lessThan": "403c4528e588", "status": "affected", "versionType": "git"}, {"version": "4c283fdac08a", "lessThan": "6a58310d5d1e", "status": "affected", "versionType": "git"}, {"version": "4c283fdac08a", "lessThan": "080bd41d6478", "status": "affected", "versionType": "git"}, {"version": "4c283fdac08a", "lessThan": "8e6fafd5a22e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138"}, {"url": "https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5"}, {"url": "https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7"}, {"url": "https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1"}], "title": "drm/amd/display: Fix off by one in hdmi_14_process_transaction()", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47046", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T20:31:21.379702Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:15:14.997Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.795Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.795Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47046", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T20:31:21.379702Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.815Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "drm/amd/display: Fix off by one in hdmi_14_process_transaction()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4c283fdac08a", "lessThan": "403c4528e588", "versionType": "git"}, {"status": "affected", "version": "4c283fdac08a", "lessThan": "6a58310d5d1e", "versionType": "git"}, {"status": "affected", "version": "4c283fdac08a", "lessThan": "080bd41d6478", "versionType": "git"}, {"status": "affected", "version": "4c283fdac08a", "lessThan": "8e6fafd5a22e", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.37", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138"}, {"url": "https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5"}, {"url": "https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7"}, {"url": "https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix off by one in hdmi_14_process_transaction()\n\nThe hdcp_i2c_offsets[] array did not have an entry for\nHDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one\nread overflow. I added an entry and copied the 0x0 value for the offset\nfrom similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.\n\nI also declared several of these arrays as having HDCP_MESSAGE_ID_MAX\nentries. This doesn't change the code, but it's just a belt and\nsuspenders approach to try future proof the code."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:58:22.611Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47046", "state": "PUBLISHED", "dateUpdated": "2024-11-04T11:58:22.611Z", "dateReserved": "2024-02-27T18:42:55.970Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:50.320Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix off by one in hdmi_14_process_transaction()\n\nThe hdcp_i2c_offsets[] array did not have an entry for\nHDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one\nread overflow. I added an entry and copied the 0x0 value for the offset\nfrom similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.\n\nI also declared several of these arrays as having HDCP_MESSAGE_ID_MAX\nentries. This doesn't change the code, but it's just a belt and\nsuspenders approach to try future proof the code."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: correcci\u00f3n por uno en hdmi_14_process_transaction() La matriz hdcp_i2c_offsets[] no ten\u00eda una entrada para HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE, por lo que provoc\u00f3 un desbordamiento de lectura desactivado por uno. Agregu\u00e9 una entrada y copi\u00e9 el valor 0x0 para el desplazamiento de un c\u00f3digo similar en drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. Tambi\u00e9n declar\u00e9 que varias de estas matrices ten\u00edan entradas HDCP_MESSAGE_ID_MAX. Esto no cambia el c\u00f3digo, pero es solo un enfoque de cintur\u00f3n y tirantes para probar el c\u00f3digo a prueba de futuro."}], "id": "CVE-2021-47046", "lastModified": "2024-11-21T06:35:15.473", "metrics": {}, "published": "2024-02-28T09:15:40.277", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/amd/display: Fix off by one in hdmi_14_process_transaction()", "id": "2267014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267014"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: Fix off by one in hdmi_14_process_transaction()\nThe hdcp_i2c_offsets[] array did not have an entry for\nHDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one\nread overflow. I added an entry and copied the 0x0 value for the offset\nfrom similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.\nI also declared several of these arrays as having HDCP_MESSAGE_ID_MAX\nentries. This doesn't change the code, but it's just a belt and\nsuspenders approach to try future proof the code.", "An off-by-one read overflow was found in the Linux kernel in the hdmi_14_process_transaction() function. This issue may lead to a crash."], "name": "CVE-2021-47046", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47046\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47046\nhttps://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47046-3ffe@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.37, kernel 5.11.21, kernel 5.12.4, kernel 5.13"}