CVE-2024-49969
drm/amd/display: Fix index out of bounds in DCN30 color transformation
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
drm/amd/display: Fix index out of bounds in DCN30 color transformation
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:182 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
Reserved 2024-10-21 | Published 2024-10-21 | Updated 2024-12-19 | Assigner Linuxgit.kernel.org/...c/7ab69af56a23859b647dee69fa1052c689343621
git.kernel.org/...c/c13f9c62015c56a938304cef6d507227ea3e0039
git.kernel.org/...c/0f1e222a4b41d77c442901d166fbdca967af0d86
git.kernel.org/...c/929506d5671419cffd8d01e9a7f5eae53682a838
git.kernel.org/...c/578422ddae3d13362b64e77ef9bab98780641631
git.kernel.org/...c/b9d8b94ec7e67f0cae228c054f77b73967c389a3
git.kernel.org/...c/d81873f9e715b72d4f8d391c8eb243946f784dfc
Support options
