{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42228", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.250Z", "datePublished": "2024-07-30T07:47:08.955Z", "dateUpdated": "2024-09-11T17:34:33.081Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-04T12:02:13.796Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n need to have a separate value of 0xffffffff.(Christian)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "d35cf41c8eb5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "3b5057594476", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "df02642c21c9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "da6a85d19788", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "9ee1534ecdd5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "855ae72c2031", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f8f120b3de48", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "88a9a467c548", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c"], "versions": [{"version": "4.19.321", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.283", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.225", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.166", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.108", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.39", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9.9", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8"}, {"url": "https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46"}, {"url": "https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15"}, {"url": "https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712"}, {"url": "https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144"}, {"url": "https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef"}, {"url": "https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440"}, {"url": "https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944"}], "title": "drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.577Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42228", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:31.551012Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:33.081Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:54:32.577Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42228", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:14:31.551012Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.398Z"}}], "cna": {"title": "drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "d35cf41c8eb5", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "3b5057594476", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "df02642c21c9", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "da6a85d19788", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "9ee1534ecdd5", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "855ae72c2031", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f8f120b3de48", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "88a9a467c548", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "4.19.321", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.283", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.225", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.166", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.108", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.39", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.9", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8"}, {"url": "https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46"}, {"url": "https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15"}, {"url": "https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712"}, {"url": "https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144"}, {"url": "https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef"}, {"url": "https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440"}, {"url": "https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n need to have a separate value of 0xffffffff.(Christian)"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-04T12:02:13.796Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42228", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:33.081Z", "dateReserved": "2024-07-30T07:40:12.250Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-07-30T07:47:08.955Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFFE1388-D45B-4287-88F7-BBA975D80E4C", "versionEndExcluding": "6.6.39", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085", "versionEndExcluding": "6.9.9", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\n\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\n need to have a separate value of 0xffffffff.(Christian)"}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amdgpu: uso del valor no inicializado *size al llamar a amdgpu_vce_cs_reloc Inicialice el tama\u00f1o antes de llamar a amdgpu_vce_cs_reloc, como en el caso 0x03000001. V2: Para mejorar realmente el manejo, necesitar\u00edamos tener un valor separado de 0xffffffff. (Christian)"}], "id": "CVE-2024-42228", "lastModified": "2024-09-04T12:15:04.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-30T08:15:07.960", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc", "id": "2303077", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303077"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-457", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc\nInitialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.\nV2: To really improve the handling we would actually\nneed to have a separate value of 0xffffffff.(Christian)", "A vulnerability was found in the Linux kernel's amdgpu driver in the amdgpu_vce_ring_parse_cs() function where the size variable is initialized with a pointer that may not be properly set before use. This issue could lead to unpredictable behavior in the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42228", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42228\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42228\nhttps://lore.kernel.org/linux-cve-announce/2024073038-CVE-2024-42228-86f5@gregkh/T"], "statement": "Red Hat believes this flaw to be of Moderate severity with a low impact on confidentiality given that the component primarily impacted by this vulnerability is an AMD GPU driver, which is used mainly for rendering graphics on the system. As such, a successful exploit of this vulnerability would likely not result in any sensitive information being leaked.", "threat_severity": "Moderate"}