CVE-2024-41061

drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index for FCLKChangeSupport array can be greater than 1. [How] Currently dml2 core specifies identical values for all FCLKChangeSupport elements. Always use index 0 in the condition to avoid out of bounds access.

References

Link	Tags
https://git.kernel.org/stable/c/94166fe12543fbef122ca2d093e794ea41073a85	patch
https://git.kernel.org/stable/c/0ad4b4a2f6357c45fbe444ead1a929a0b4017d03	patch

Frequently Asked Questions

What is the severity of CVE-2024-41061?: CVE-2024-41061 has been scored as a high severity vulnerability.
How to fix CVE-2024-41061?: To fix CVE-2024-41061, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-41061 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-41061 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-41061?: CVE-2024-41061 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-129 – Improper Validation of Array Index

References

Frequently Asked Questions