CVE-2024-42228

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate value of 0xffffffff.(Christian)

Category

7.0
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8
https://git.kernel.org/stable/c/3b505759447637dcccb50cbd98ec6f8d2a04fc46
https://git.kernel.org/stable/c/df02642c21c984303fe34c3f7d72965792fb1a15
https://git.kernel.org/stable/c/da6a85d197888067e8d38b5d22c986b5b5cab712
https://git.kernel.org/stable/c/9ee1534ecdd5b4c013064663502d7fde824d2144
https://git.kernel.org/stable/c/855ae72c20310e5402b2317fc537d911e87537ef patch
https://git.kernel.org/stable/c/f8f120b3de48b8b6bdf8988a9b334c2d61c17440 patch
https://git.kernel.org/stable/c/88a9a467c548d0b3c7761b4fd54a68e70f9c0944 patch

Frequently Asked Questions

What is the severity of CVE-2024-42228?
CVE-2024-42228 has been scored as a high severity vulnerability.
How to fix CVE-2024-42228?
To fix CVE-2024-42228, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42228 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42228 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42228?
CVE-2024-42228 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.