CVE - CVE-2024-26660

CVE-ID
CVE-2024-26660	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in dcn301_stream_encoder_create reported by Smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/42442f74314d41ddc68227047036fa3e78940054 URL:https://git.kernel.org/stable/c/42442f74314d41ddc68227047036fa3e78940054 MISC:https://git.kernel.org/stable/c/58fca355ad37dcb5f785d9095db5f748b79c5dc2 URL:https://git.kernel.org/stable/c/58fca355ad37dcb5f785d9095db5f748b79c5dc2 MISC:https://git.kernel.org/stable/c/a938eab9586eea31cfd129a507f552efae14d738 URL:https://git.kernel.org/stable/c/a938eab9586eea31cfd129a507f552efae14d738 MISC:https://git.kernel.org/stable/c/cd9bd10c59e3c1446680514fd3097c5b00d3712d URL:https://git.kernel.org/stable/c/cd9bd10c59e3c1446680514fd3097c5b00d3712d MISC:https://git.kernel.org/stable/c/efdd665ce1a1634b8c1dad5e7f6baaef3e131d0a URL:https://git.kernel.org/stable/c/efdd665ce1a1634b8c1dad5e7f6baaef3e131d0a
Assigning CNA
kernel.org
Date Record Created
20240219	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)