CVE-2021-47348

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a function in the Linux kernel's amdgpu driver, specifically the validate bksv() function in the hdcp1 execution.c module. This function is vulnerable to a buffer over-read, which could result in corrupted values if the trailing bytes are non-zero. The vulnerability can be exploited by a remote attacker to impact the confidentiality and availability of protected information. The vulnerability occurs because the code reads 8 bytes instead of the desired 5 bytes of the target field. To fix this, an appropriately sized and zero-initialized bounce buffer is used, and only 5 bytes are read before casting to u64.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.