CVE-2024-49969

{"id": "CVE-2024-49969", "cveTags": [], "metrics": {}, "published": "2024-10-21T18:15:17.910", "references": [{"url": "https://git.kernel.org/stable/c/0f1e222a4b41d77c442901d166fbdca967af0d86", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/578422ddae3d13362b64e77ef9bab98780641631", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7ab69af56a23859b647dee69fa1052c689343621", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/929506d5671419cffd8d01e9a7f5eae53682a838", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b9d8b94ec7e67f0cae228c054f77b73967c389a3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c13f9c62015c56a938304cef6d507227ea3e0039", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d81873f9e715b72d4f8d391c8eb243946f784dfc", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix index out of bounds in DCN30 color transformation\n\nThis commit addresses a potential index out of bounds issue in the\n`cm3_helper_translate_curve_to_hw_format` function in the DCN30 color\nmanagement module. The issue could occur when the index 'i' exceeds the\nnumber of transfer function points (TRANSFER_FUNC_POINTS).\n\nThe fix adds a check to ensure 'i' is within bounds before accessing the\ntransfer function points. If 'i' is out of bounds, the function returns\nfalse to indicate an error.\n\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Correcci\u00f3n de \u00edndice fuera de los l\u00edmites en transformaci\u00f3n de color DCN30 Esta confirmaci\u00f3n aborda un posible problema de \u00edndice fuera de los l\u00edmites en la funci\u00f3n `cm3_helper_translate_curve_to_hw_format` en el m\u00f3dulo de administraci\u00f3n de color DCN30. El problema podr\u00eda ocurrir cuando el \u00edndice 'i' excede la cantidad de puntos de funci\u00f3n de transferencia (TRANSFER_FUNC_POINTS). La correcci\u00f3n agrega una verificaci\u00f3n para garantizar que 'i' est\u00e9 dentro de los l\u00edmites antes de acceder a los puntos de funci\u00f3n de transferencia. Si 'i' est\u00e1 fuera de los l\u00edmites, la funci\u00f3n devuelve falso para indicar un error. cm3_helper_translate_curve_to_hw_format() error: desbordamiento de b\u00fafer 'output_tf-&gt;tf_pts.red' 1025 &lt;= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: desbordamiento de b\u00fafer 'output_tf-&gt;tf_pts.green' 1025 &lt;= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 Error de cm3_helper_translate_curve_to_hw_format(): desbordamiento de b\u00fafer 'output_tf-&gt;tf_pts.blue' 1025 &lt;= s32max"}], "lastModified": "2024-10-23T15:13:25.583", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}