drm/amd/display: Fix index out of bounds in degamma hardware format translation

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2024-49894
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2024-10-21 18:15:11 UTC
Updated2026-05-28 15:12:45 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in `cm_helper_translate_curve_to_degamma_hw_format` function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds the function returns false to indicate an error. Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max

Risk And Classification

Primary CVSS: v3.1 7.8 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types: CWE-129

CVSS v3.1 Breakdown

Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 11.0 All All All
Operating System Linux Linux Kernel All All All All
Hardware Siemens Simatic S7-1500 Tm Mfp - All All All
Operating System Siemens Simatic S7-1500 Tm Mfp Firmware 1.1 All All All

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c b3dfa878257a7e98830b3009ca5831a01d8f85fc git Not specified
CNA Linux Linux affected 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c f5f6d90087131812c1e4b9d3103f400f1624396d git Not specified
CNA Linux Linux affected 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c c130a3c09e3746c1a09ce26c20d21d449d039b1d git Not specified
CNA Linux Linux affected 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c c6979719012a90e5b8e3bc31725fbfdd0b9b2b79 git Not specified
CNA Linux Linux affected 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c 2495c8e272d84685403506833a664fad932e453a git Not specified
CNA Linux Linux affected 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c 122e3a7a8c7bcbe3aacddd6103f67f9f36bed473 git Not specified
CNA Linux Linux affected 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c 2f5da549535be8ccd2ab7c9abac8562ad370b181 git Not specified
CNA Linux Linux affected 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c 07078fa5d589a7fbce8f81ea8acf7aa0021ab38e git Not specified
CNA Linux Linux affected 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c b7e99058eb2e86aabd7a10761e76cae33d22b49f git Not specified
CNA Linux Linux affected 4.15 Not specified
CNA Linux Linux unaffected 4.15 semver Not specified
CNA Linux Linux unaffected 4.19.323 4.19.* semver Not specified
CNA Linux Linux unaffected 5.4.285 5.4.* semver Not specified
CNA Linux Linux unaffected 5.10.227 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.168 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.113 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.55 6.6.* semver Not specified
CNA Linux Linux unaffected 6.10.14 6.10.* semver Not specified
CNA Linux Linux unaffected 6.11.3 6.11.* semver Not specified
CNA Linux Linux unaffected 6.12 * original_commit_for_fix Not specified
ADP Siemens RUGGEDCOM RST2428P unaffected * custom Not specified
ADP Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 Family unaffected * custom Not specified
ADP Siemens SCALANCE XCM-/XRM-/XCH-/XRH-300 Family unaffected * custom Not specified
ADP Siemens SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem affected * custom Not specified

References

ReferenceSourceLinkTags
lists.debian.org/debian-lts-announce/2025/03/msg00002.html af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Mailing List, Third Party Advisory
git.kernel.org/stable/c/c130a3c09e3746c1a09ce26c20d21d449d039b1d 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
cert-portal.siemens.com/productcert/html/ssa-265688.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com Third Party Advisory
git.kernel.org/stable/c/07078fa5d589a7fbce8f81ea8acf7aa0021ab38e 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/2f5da549535be8ccd2ab7c9abac8562ad370b181 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/b3dfa878257a7e98830b3009ca5831a01d8f85fc 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/2495c8e272d84685403506833a664fad932e453a 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/b7e99058eb2e86aabd7a10761e76cae33d22b49f 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/122e3a7a8c7bcbe3aacddd6103f67f9f36bed473 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
cert-portal.siemens.com/productcert/html/ssa-355557.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com Third Party Advisory
lists.debian.org/debian-lts-announce/2025/01/msg00001.html af854a3a-2127-422b-91ae-364da2661108 lists.debian.org Mailing List, Third Party Advisory
git.kernel.org/stable/c/c6979719012a90e5b8e3bc31725fbfdd0b9b2b79 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
git.kernel.org/stable/c/f5f6d90087131812c1e4b9d3103f400f1624396d 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org Patch
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report