Описание
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid overflow assignment in link_dp_cts
sampling_rate is an uint8_t but is assigned an unsigned int, and thus it can overflow. As a result, sampling_rate is changed to uint32_t.
Similarly, LINK_QUAL_PATTERN_SET has a size of 2 bits, and it should only be assigned to a value less or equal than 4.
This fixes 2 INTEGER_OVERFLOW issues reported by Coverity.
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid overflow assignment in link_dp_cts
sampling_rate is an uint8_t but is assigned an unsigned int, and thus it can overflow. As a result, sampling_rate is changed to uint32_t.
Similarly, LINK_QUAL_PATTERN_SET has a size of 2 bits, and it should only be assigned to a value less or equal than 4.
This fixes 2 INTEGER_OVERFLOW issues reported by Coverity.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-50016
- https://git.kernel.org/stable/c/26ced9d86240868f5b41708ceee02e6ec2924498
- https://git.kernel.org/stable/c/a1495acc6234fa79b775599d3f49009afd53299f
- https://git.kernel.org/stable/c/a15268787b79fd183dd526cc16bec9af4f4e49a1
- https://git.kernel.org/stable/c/adeed800bc30ef718478b28c08f79231e5980e3d
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow assignment in link_dp_cts sampling_rate is an uint8_t but is assigned an unsigned int, and thus it can overflow. As a result, sampling_rate is changed to uint32_t. Similarly, LINK_QUAL_PATTERN_SET has a size of 2 bits, and it should only be assigned to a value less or equal than 4. This fixes 2 INTEGER_OVERFLOW issues reported by Coverity.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Уязвимость компонента drm/amd/display ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании