#VU92330 Out-of-bounds read in Linux kernel - CVE-2024-38552
Vulnerability identifier: #VU92330
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/604c506ca43fce52bb882cff9c1fdf2ec3b4029c
https://git.kernel.org/stable/c/e280ab978c81443103d7c61bdd1d8d708cf6ed6d
https://git.kernel.org/stable/c/04bc4d1090c343025d69149ca669a27c5b9c34a7
https://git.kernel.org/stable/c/ced9c4e2289a786b8fa684d8893b7045ea53ef7e
https://git.kernel.org/stable/c/98b8a6bfd30d07a19cfacdf82b50f84bf3360869
https://git.kernel.org/stable/c/4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86
https://git.kernel.org/stable/c/123edbae64f4d21984359b99c6e79fcde31c6123
https://git.kernel.org/stable/c/7226ddf3311c5e5a7726ad7d4e7b079bb3cfbb29
https://git.kernel.org/stable/c/63ae548f1054a0b71678d0349c7dc9628ddd42ca
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
