cvelist/2024/26xxx/CVE-2024-26797.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-26797",
        "ASSIGNER": "cve@kernel.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Prevent potential buffer overflow in map_hw_resources\n\nAdds a check in the map_hw_resources function to prevent a potential\nbuffer overflow. The function was accessing arrays using an index that\ncould potentially be greater than the size of the arrays, leading to a\nbuffer overflow.\n\nAdds a check to ensure that the index is within the bounds of the\narrays. If the index is out of bounds, an error message is printed and\nbreak it will continue execution with just ignoring extra data early to\nprevent the buffer overflow.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dml2/dml2_wrapper.c:79 map_hw_resources() error: buffer overflow 'dml2->v20.scratch.dml_to_dc_pipe_mapping.disp_cfg_to_stream_id' 6 <= 7\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dml2/dml2_wrapper.c:81 map_hw_resources() error: buffer overflow 'dml2->v20.scratch.dml_to_dc_pipe_mapping.disp_cfg_to_plane_id' 6 <= 7"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Linux",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Linux",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "7966f319c66d",
                                            "version_value": "50a6302cf881"
                                        },
                                        {
                                            "version_value": "not down converted",
                                            "x_cve_json_5_version_data": {
                                                "versions": [
                                                    {
                                                        "version": "6.7",
                                                        "status": "affected"
                                                    },
                                                    {
                                                        "version": "0",
                                                        "lessThan": "6.7",
                                                        "status": "unaffected",
                                                        "versionType": "semver"
                                                    },
                                                    {
                                                        "version": "6.7.9",
                                                        "lessThanOrEqual": "6.7.*",
                                                        "status": "unaffected",
                                                        "versionType": "semver"
                                                    },
                                                    {
                                                        "version": "6.8",
                                                        "lessThanOrEqual": "*",
                                                        "status": "unaffected",
                                                        "versionType": "original_commit_for_fix"
                                                    }
                                                ],
                                                "defaultStatus": "affected"
                                            }
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://git.kernel.org/stable/c/50a6302cf881f67f1410461a68fe9eabd00ff31d",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/50a6302cf881f67f1410461a68fe9eabd00ff31d"
            },
            {
                "url": "https://git.kernel.org/stable/c/0f8ca019544a252d1afb468ce840c6dcbac73af4",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/0f8ca019544a252d1afb468ce840c6dcbac73af4"
            }
        ]
    },
    "generator": {
        "engine": "bippy-9e1c9544281a"
    }
}
"-Synchronized-Data." 2024-02-19 15:02:40 +00:00			`{`
"-Synchronized-Data." 2024-04-10 19:01:37 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-02-19 15:02:40 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-26797",`
"-Synchronized-Data." 2024-04-10 19:01:37 +00:00			`"ASSIGNER": "cve@kernel.org",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-02-19 15:02:40 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2024-04-10 19:01:37 +00:00			"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Prevent potential buffer overflow in map_hw_resources\n\nAdds a check in the map_hw_resources function to prevent a potential\nbuffer overflow. The function was accessing arrays using an index that\ncould potentially be greater than the size of the arrays, leading to a\nbuffer overflow.\n\nAdds a check to ensure that the index is within the bounds of the\narrays. If the index is out of bounds, an error message is printed and\nbreak it will continue execution with just ignoring extra data early to\nprevent the buffer overflow.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dml2/dml2_wrapper.c:79 map_hw_resources() error: buffer overflow 'dml2->v20.scratch.dml_to_dc_pipe_mapping.disp_cfg_to_stream_id' 6 <= 7\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dml2/dml2_wrapper.c:81 map_hw_resources() error: buffer overflow 'dml2->v20.scratch.dml_to_dc_pipe_mapping.disp_cfg_to_plane_id' 6 <= 7"
"-Synchronized-Data." 2024-02-19 15:02:40 +00:00			`}`
			`]`
"-Synchronized-Data." 2024-04-10 19:01:37 +00:00			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Linux",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Linux",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "7966f319c66d",`
			`"version_value": "50a6302cf881"`
			`},`
			`{`
			`"version_value": "not down converted",`
			`"x_cve_json_5_version_data": {`
			`"versions": [`
			`{`
			`"version": "6.7",`
			`"status": "affected"`
			`},`
			`{`
			`"version": "0",`
			`"lessThan": "6.7",`
			`"status": "unaffected",`
"-Synchronized-Data." 2024-11-05 10:02:03 +00:00			`"versionType": "semver"`
"-Synchronized-Data." 2024-04-10 19:01:37 +00:00			`},`
			`{`
			`"version": "6.7.9",`
			`"lessThanOrEqual": "6.7.*",`
			`"status": "unaffected",`
"-Synchronized-Data." 2024-11-05 10:02:03 +00:00			`"versionType": "semver"`
"-Synchronized-Data." 2024-04-10 19:01:37 +00:00			`},`
			`{`
			`"version": "6.8",`
			`"lessThanOrEqual": "*",`
			`"status": "unaffected",`
			`"versionType": "original_commit_for_fix"`
			`}`
			`],`
			`"defaultStatus": "affected"`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://git.kernel.org/stable/c/50a6302cf881f67f1410461a68fe9eabd00ff31d",`
			`"refsource": "MISC",`
			`"name": "https://git.kernel.org/stable/c/50a6302cf881f67f1410461a68fe9eabd00ff31d"`
			`},`
			`{`
			`"url": "https://git.kernel.org/stable/c/0f8ca019544a252d1afb468ce840c6dcbac73af4",`
			`"refsource": "MISC",`
			`"name": "https://git.kernel.org/stable/c/0f8ca019544a252d1afb468ce840c6dcbac73af4"`
			`}`
			`]`
			`},`
			`"generator": {`
"-Synchronized-Data." 2024-11-05 10:02:03 +00:00			`"engine": "bippy-9e1c9544281a"`
"-Synchronized-Data." 2024-02-19 15:02:40 +00:00			`}`
			`}`