CVE-2022-48979

Published: Oct 21, 2024Modified: Oct 25, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix array index out of bound error in DCN32 DML [Why&How] LinkCapacitySupport array is indexed with the number of voltage states and not the number of max DPPs. Fix the error by changing the array declaration to use the correct (larger) array size of total number of voltage states.

Affected (9)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 6.0.13
Linux Linux Kernel	Version 6.1 rc1
Linux Linux Kernel	Version 6.1 rc2
Linux Linux Kernel	Version 6.1 rc3
Linux Linux Kernel	Version 6.1 rc4
Linux Linux Kernel	Version 6.1 rc5
Linux Linux Kernel	Version 6.1 rc6
Linux Linux Kernel	Version 6.1 rc7
Linux Linux Kernel	Version 6.1 rc8

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (2)

https://git.kernel.org/stable/c/3d8a298b2e83b98042e6ec726e934f535b23e6aa

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/aeffc8fb2174f017a10df114bc312f899904dc68

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.