CVE-2024-42120 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessing the array. This fixes an OVERRUN issue reported by Coverity.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329
https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6
https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1
https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6
https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4
https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf
https://lore.kernel.org/linux-cve-announce/2024073024-CVE-2024-42120-c2ff@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-42120
https://www.cve.org/CVERecord?id=CVE-2024-42120

History

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 30 Aug 2024 02:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-30T07:46:12.136Z

Updated: 2024-11-05T09:37:47.933Z

Reserved: 2024-07-29T15:50:41.178Z

Link: CVE-2024-42120

Vulnrichment

Updated: 2024-08-02T04:54:32.091Z

NVD

Status : Awaiting Analysis

Published: 2024-07-30T08:15:04.273

Modified: 2024-07-30T13:32:45.943

Link: CVE-2024-42120

Redhat

Severity : Moderate

Publid Date: 2024-07-30T00:00:00Z

Links: CVE-2024-42120 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42120", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-29T15:50:41.178Z", "datePublished": "2024-07-30T07:46:12.136Z", "dateUpdated": "2024-11-05T09:37:47.933Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:47.933Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check pipe offset before setting vblank\n\npipe_ctx has a size of MAX_PIPES so checking its index before accessing\nthe array.\n\nThis fixes an OVERRUN issue reported by Coverity."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "b2e9abc95583", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0b3702f9d43d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "d2c3645a4a5a", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "96bf81cc1bd0", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "c5ec2afeeee4", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "5396a70e8cf4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c"], "versions": [{"version": "5.10.222", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.163", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.98", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6"}, {"url": "https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329"}, {"url": "https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf"}, {"url": "https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1"}, {"url": "https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4"}, {"url": "https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6"}], "title": "drm/amd/display: Check pipe offset before setting vblank", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.091Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42120", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:17:00.348266Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:05.414Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.091Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42120", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:17:00.348266Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:14.480Z"}}], "cna": {"title": "drm/amd/display: Check pipe offset before setting vblank", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "b2e9abc95583", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0b3702f9d43d", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "d2c3645a4a5a", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "96bf81cc1bd0", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "c5ec2afeeee4", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "5396a70e8cf4", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.222", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.163", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.98", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6"}, {"url": "https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329"}, {"url": "https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf"}, {"url": "https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1"}, {"url": "https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4"}, {"url": "https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check pipe offset before setting vblank\n\npipe_ctx has a size of MAX_PIPES so checking its index before accessing\nthe array.\n\nThis fixes an OVERRUN issue reported by Coverity."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:37:47.933Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42120", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:37:47.933Z", "dateReserved": "2024-07-29T15:50:41.178Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:46:12.136Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: drm/amd/display: Check pipe offset before setting vblank", "id": "2301485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301485"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: Check pipe offset before setting vblank\npipe_ctx has a size of MAX_PIPES so checking its index before accessing\nthe array.\nThis fixes an OVERRUN issue reported by Coverity.", "A vulnerability in the DRM/AMD/display subsystem in the Linux Kernel was resolved by adding a check for the `pipe_ctx` index before accessing the `vblank` array. This fix addresses an out-of-bounds access issue reported by Coverity, preventing potential memory corruption and enhancing system stability. The check ensures that the index is within the valid range, safeguarding against buffer overruns."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42120", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42120\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42120\nhttps://lore.kernel.org/linux-cve-announce/2024073024-CVE-2024-42120-c2ff@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.222, kernel 5.15.163, kernel 6.1.98, kernel 6.6.39, kernel 6.9.9, kernel 6.10"}