#VU98912 Out-of-bounds read in Linux kernel - CVE-2024-49894


Vulnerability identifier: #VU98912

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49894

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the cm_helper_translate_curve_to_degamma_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can trigger it to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/c130a3c09e3746c1a09ce26c20d21d449d039b1d
http://git.kernel.org/stable/c/c6979719012a90e5b8e3bc31725fbfdd0b9b2b79
http://git.kernel.org/stable/c/2495c8e272d84685403506833a664fad932e453a
http://git.kernel.org/stable/c/122e3a7a8c7bcbe3aacddd6103f67f9f36bed473
http://git.kernel.org/stable/c/2f5da549535be8ccd2ab7c9abac8562ad370b181
http://git.kernel.org/stable/c/07078fa5d589a7fbce8f81ea8acf7aa0021ab38e
http://git.kernel.org/stable/c/b7e99058eb2e86aabd7a10761e76cae33d22b49f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

