PT-2024-33810 · Linux+7 · Linux Kernel+7
Alex Deucher
+1
·
Published
2024-07-23
·
Updated
2025-09-29
·
CVE-2024-49969
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
The issue is related to an index out of bounds problem in the
cm3 helper translate curve to hw format function within the DCN30 color management module. This could occur when the index i exceeds the number of transfer function points. The fix involves adding a check to ensure i is within bounds before accessing the transfer function points, returning false to indicate an error if i is out of bounds. Buffer overflows could occur in output tf->tf pts.red, output tf->tf pts.green, and output tf->tf pts.blue due to the index issue.Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the DCN30 color management module until the update can be applied.
Exploit
Fix
Improper Validation of Array Index
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu