PT-2026-54798 · Linux · Linux
Published
2026-07-01
·
Updated
2026-07-01
·
CVE-2026-53330
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix out-of-bounds read in dp get eq aux rd interval()
[Why & How]
The aux rd interval array in struct dc lttpr caps is declared with
MAX REPEATER CNT - 1 (7) elements, indexed 0..6. However, the offset
parameter passed to dp get eq aux rd interval() can be as large as
MAX REPEATER CNT (8) when a sink reports 8 LTTPR repeaters via DPCD.
This leads to an out-of-bounds read of aux rd interval[7] when offset
is 8.
Fix this by growing aux rd interval to MAX REPEATER CNT elements to
accommodate the full range of valid repeater counts defined by the DP
spec.
(cherry picked from commit a55a458a8df37a65ffda5cf721d554a8f74f6b04)
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux