SB2024062050 - Out-of-bounds read in Linux kernel dc dcn10 driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2024-38552)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/604c506ca43fce52bb882cff9c1fdf2ec3b4029c
• https://git.kernel.org/stable/c/e280ab978c81443103d7c61bdd1d8d708cf6ed6d
• https://git.kernel.org/stable/c/04bc4d1090c343025d69149ca669a27c5b9c34a7
• https://git.kernel.org/stable/c/ced9c4e2289a786b8fa684d8893b7045ea53ef7e
• https://git.kernel.org/stable/c/98b8a6bfd30d07a19cfacdf82b50f84bf3360869
• https://git.kernel.org/stable/c/4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86
• https://git.kernel.org/stable/c/123edbae64f4d21984359b99c6e79fcde31c6123
• https://git.kernel.org/stable/c/7226ddf3311c5e5a7726ad7d4e7b079bb3cfbb29
• https://git.kernel.org/stable/c/63ae548f1054a0b71678d0349c7dc9628ddd42ca
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12