7 CVE-2024-42228
Patch
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001.
V2: To really improve the handling we would actually
need to have a separate value of 0xffffffff.(Christian)
https://nvd.nist.gov/vuln/detail/CVE-2024-42228
Categories
CWE-908 : Use of Uninitialized Resource
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67 Patch
af854a3a-2127-422b-91ae-364da2661108 Patch
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | < 6.6.39 | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | >= 6.7 | < 6.9.9 |
REMEDIATION
Patch
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
