Bug 1223205 (CVE-2024-26914)

Summary: VUL-0: CVE-2024-26914: kernel: drm/amd/display: fix incorrect mpc_combine array size
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Kernel Bugs <kernel-bugs>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: abergmann
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/402452/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-26914:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-04-22 10:10:22 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: fix incorrect mpc_combine array size

[why]
MAX_SURFACES is per stream, while MAX_PLANES is per asic. The
mpc_combine is an array that records all the planes per asic. Therefore
MAX_PLANES should be used as the array size. Using MAX_SURFACES causes
array overflow when there are more than 3 planes.

[how]
Use the MAX_PLANES for the mpc_combine array size.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26914
https://www.cve.org/CVERecord?id=CVE-2024-26914
https://git.kernel.org/stable/c/0bd8ef618a42d7e6ea3f701065264e15678025e3
https://git.kernel.org/stable/c/39079fe8e660851abbafa90cd55cbf029210661f
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-26914.mbox
https://bugzilla.redhat.com/show_bug.cgi?id=2275792
Comment 1 Alexander Bergmann 2024-04-22 10:10:50 UTC 
None of our SLE or openSUSE kernels are affected.