CVE-2024-39291

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description The issue is related to a potential buffer overflow in the gfx v9 4 3 init microcode function in the gfx v9 4 3.c file of the Linux kernel's amdgpu driver. The problem arises from the use of the snprintf function with a buffer size that is too small to accommodate the maximum possible length of the string being written into it. The string being written is "amdgpu/%s mec.bin" or "amdgpu/%s rlc.bin", where %s is replaced by the value of chip name. The length of this string without the %s is 16 characters, and the warning message indicated that chip name could be up to 29 characters long, resulting in a total of 45 characters, which exceeds the buffer size of 30 characters.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.37 or later. This update reduces the size of the ucode prefix buffer from 30 to 15, preventing potential buffer overflow and truncation issues.