{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-49895", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.026Z", "datePublished": "2024-10-21T18:01:29.028Z", "dateUpdated": "2024-11-05T09:50:55.981Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:50:55.981Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor management module. The issue could occur when the index 'i'\nexceeds the number of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "ad89f83343a5", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "de6ee4f9e6b1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f3ccd855b439", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "0d38a0751143", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "f5c3d306de91", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "c4fdc2d6fea1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "bc50b614d599", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"], "versions": [{"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ad89f83343a501890cf082c8a584e96b59fe4015"}, {"url": "https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e"}, {"url": "https://git.kernel.org/stable/c/f3ccd855b4395ce65f10dd37847167f52e122b70"}, {"url": "https://git.kernel.org/stable/c/0d38a0751143afc03faef02d55d31f70374ff843"}, {"url": "https://git.kernel.org/stable/c/f5c3d306de91a4b69cfe3eedb72b42d452593e42"}, {"url": "https://git.kernel.org/stable/c/c4fdc2d6fea129684b82bab90bb52fbace494a58"}, {"url": "https://git.kernel.org/stable/c/bc50b614d59990747dd5aeced9ec22f9258991ff"}], "title": "drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49895", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:43:41.739795Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:48:48.513Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-49895", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:43:41.739795Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:43:46.088Z"}}], "cna": {"title": "drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "ad89f83343a5", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "de6ee4f9e6b1", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f3ccd855b439", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "0d38a0751143", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "f5c3d306de91", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "c4fdc2d6fea1", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "bc50b614d599", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "5.10.227", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.113", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.55", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.14", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.3", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12-rc1", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/display/dc/dcn30/dcn30_cm_common.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/ad89f83343a501890cf082c8a584e96b59fe4015"}, {"url": "https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e"}, {"url": "https://git.kernel.org/stable/c/f3ccd855b4395ce65f10dd37847167f52e122b70"}, {"url": "https://git.kernel.org/stable/c/0d38a0751143afc03faef02d55d31f70374ff843"}, {"url": "https://git.kernel.org/stable/c/f5c3d306de91a4b69cfe3eedb72b42d452593e42"}, {"url": "https://git.kernel.org/stable/c/c4fdc2d6fea129684b82bab90bb52fbace494a58"}, {"url": "https://git.kernel.org/stable/c/bc50b614d59990747dd5aeced9ec22f9258991ff"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor management module. The issue could occur when the index 'i'\nexceeds the number of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:50:55.981Z"}}}, "cveMetadata": {"cveId": "CVE-2024-49895", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:50:55.981Z", "dateReserved": "2024-10-21T12:17:06.026Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T18:01:29.028Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB525A44-6338-4857-AD90-EA2860D1AD1F", "versionEndExcluding": "5.10.227", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor management module. The issue could occur when the index 'i'\nexceeds the number of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, the function returns\nfalse to indicate an error.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Se corrige el \u00edndice fuera de los l\u00edmites en la traducci\u00f3n del formato de hardware degamma de DCN30. Esta confirmaci\u00f3n aborda un posible problema de \u00edndice fuera de los l\u00edmites en la funci\u00f3n `cm3_helper_translate_curve_to_degamma_hw_format` en el m\u00f3dulo de administraci\u00f3n de color DCN30. El problema podr\u00eda ocurrir cuando el \u00edndice 'i' excede la cantidad de puntos de funci\u00f3n de transferencia (TRANSFER_FUNC_POINTS). La correcci\u00f3n agrega una verificaci\u00f3n para garantizar que 'i' est\u00e9 dentro de los l\u00edmites antes de acceder a los puntos de funci\u00f3n de transferencia. Si 'i' est\u00e1 fuera de los l\u00edmites, la funci\u00f3n devuelve falso para indicar un error. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de b\u00fafer 'output_tf-&gt;tf_pts.red' 1025 &lt;= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de b\u00fafer 'output_tf-&gt;tf_pts.green' 1025 &lt;= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: desbordamiento de b\u00fafer 'output_tf-&gt;tf_pts.blue' 1025 &lt;= s32max"}], "id": "CVE-2024-49895", "lastModified": "2024-10-25T14:35:35.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T18:15:11.990", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0d38a0751143afc03faef02d55d31f70374ff843"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad89f83343a501890cf082c8a584e96b59fe4015"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc50b614d59990747dd5aeced9ec22f9258991ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c4fdc2d6fea129684b82bab90bb52fbace494a58"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/de6ee4f9e6b1c36b4fdc7c345c1a6de9e246093e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f3ccd855b4395ce65f10dd37847167f52e122b70"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f5c3d306de91a4b69cfe3eedb72b42d452593e42"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation", "id": "2320518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320518"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30\ncolor management module. The issue could occur when the index 'i'\nexceeds the number of transfer function points (TRANSFER_FUNC_POINTS).\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, the function returns\nfalse to indicate an error.\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max"], "name": "CVE-2024-49895", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-49895\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-49895\nhttps://lore.kernel.org/linux-cve-announce/2024102119-CVE-2024-49895-b244@gregkh/T"], "threat_severity": "Moderate"}