CVE-2024-49895: Vulnerability in Linux (Linux kernel)
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error.
Reported by smatch:
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:338 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:339 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max
drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:340 cm3_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
AI Analysis
Technical Summary
CVE-2024-49895 is an out-of-bounds array access in the Linux kernel's amdgpu driver, in the Display Core (DC) code that programs DCN 3.0 display hardware (drivers/gpu/drm/amd/display/dc/dcn30/). The affected function, cm3_helper_translate_curve_to_degamma_hw_format() in dcn30_cm_common.c, converts a sampled colour transfer curve into the segmented table the hardware degamma block consumes. It walks the curve with an index 'i' and copies output_tf->tf_pts.red[i], .green[i] and .blue[i] into the output; those three arrays are fixed at TRANSFER_FUNC_POINTS entries, 1025 according to the smatch report quoted above, and before the fix nothing stopped 'i' from growing past 1024, so all three could be indexed beyond their end (smatch flags the accesses at lines 338, 339 and 340 of the file). An overrun of fixed-size kernel arrays is, at minimum, a crash (denial of service) and in the general case a memory-corruption primitive. Note, though, that the commit message describes the problem as a potential out-of-bounds access found by the smatch static analyser, not a reproduced crash, and it does not establish that userspace-controlled input can actually drive 'i' that far. The fix compares 'i' with TRANSFER_FUNC_POINTS before each access and returns false to the caller when it is out of range, so the translation fails instead of touching memory past the arrays. The CVE record gives the affected range as starting at commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2; that is the initial git import of the kernel tree, which the Linux CNA uses when no specific introducing commit has been identified, so it does not narrow the affected versions beyond "any kernel carrying this DCN30 code". No exploits in the wild were known at publication and the record carries no CVSS score.
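The shape of the bug, as an added example written for this page and not code taken from the kernel: a translation loop whose index is driven by a caller-supplied region distribution and copies from fixed 1025-entry per-channel arrays. The region scheme, the closing point written after the last region, and every name except TRANSFER_FUNC_POINTS are assumptions; translate_unchecked models the pre-fix loop, translate_checked the fixed one, and the constructed fixtures cover a distribution that fits exactly, one whose closing point is the single element that overflows, and one that overflows inside the loop.

```c
/* Constructed model of the DCN30 curve-to-degamma-hardware-format loop, not the
 * kernel's cm3_helper_translate_curve_to_degamma_hw_format(); the region scheme,
 * closing point and all names except TRANSFER_FUNC_POINTS (1025) are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TRANSFER_FUNC_POINTS 1025

/* Sampled curve: fixed-size arrays, one per channel, like output_tf->tf_pts. */
struct tf_pts { uint32_t red[TRANSFER_FUNC_POINTS], green[TRANSFER_FUNC_POINTS], blue[TRANSFER_FUNC_POINTS]; };
struct hw_pt { uint32_t red, green, blue; };

/* Points a region distribution implies: 2^seg_distr[k] per used region
 * (-1 marks an unused region) plus one closing point after the last region. */
size_t points_for_regions(const int *seg_distr, size_t regions)
{
	size_t n = 0;
	for (size_t k = 0; k < regions; k++)
		if (seg_distr[k] >= 0)
			n += (size_t)1 << seg_distr[k];
	return n + 1;
}

/* Copy sample i of all three channels: the access smatch flagged. */
static void copy_pt(struct hw_pt *out, const struct tf_pts *in, size_t i)
{
	out[i].red   = in->red[i];
	out[i].green = in->green[i];
	out[i].blue  = in->blue[i];
}

/* Pre-fix shape (modelled): i is driven only by the distribution, so more than
 * TRANSFER_FUNC_POINTS samples read and write past the arrays. Safe only when
 * points_for_regions(seg_distr, regions) <= TRANSFER_FUNC_POINTS. */
static void translate_unchecked(const int *seg_distr, size_t regions,
				const struct tf_pts *in, struct hw_pt *out)
{
	size_t i = 0;
	for (size_t k = 0; k < regions; k++) {
		if (seg_distr[k] < 0)
			continue;
		for (size_t j = 0; j < ((size_t)1 << seg_distr[k]); j++, i++)
			copy_pt(out, in, i);
	}
	copy_pt(out, in, i);                 /* closing point, equally unchecked */
}

/* Post-fix shape (modelled): test i before every access, the closing point
 * included, and report failure to the caller instead of overrunning. */
static bool translate_checked(const int *seg_distr, size_t regions,
			      const struct tf_pts *in, struct hw_pt *out)
{
	size_t i = 0;
	for (size_t k = 0; k < regions; k++) {
		if (seg_distr[k] < 0)
			continue;
		for (size_t j = 0; j < ((size_t)1 << seg_distr[k]); j++, i++) {
			if (i >= TRANSFER_FUNC_POINTS)
				return false;
			copy_pt(out, in, i);
		}
	}
	if (i >= TRANSFER_FUNC_POINTS)       /* the closing point needs the check too */
		return false;
	copy_pt(out, in, i);
	return true;
}

/* Constructed fixtures: a region with value 7 contributes 2^7 = 128 points. */
const int SAFE_DISTR[8] = {7, 7, 7, 7, 7, 7, 7, 7};    /* 1024 + closing = 1025: fits exactly */
const int EDGE_DISTR[9] = {7, 7, 7, 7, 7, 7, 7, 7, 0}; /* 1025 + closing: the closing point overflows */
const int BIG_DISTR[9]  = {7, 7, 7, 7, 7, 7, 7, 7, 7}; /* 1152 + closing: overflows inside the loop */
static struct tf_pts g_in;
static struct hw_pt g_out_a[TRANSFER_FUNC_POINTS], g_out_b[TRANSFER_FUNC_POINTS];

static void fill_ramp(struct tf_pts *p)  /* distinct per-channel values for comparison */
{
	for (size_t i = 0; i < TRANSFER_FUNC_POINTS; i++)
		p->red[i] = (uint32_t)i, p->green[i] = (uint32_t)i * 2, p->blue[i] = (uint32_t)i * 3;
}

/* True if the hardened translation accepts the distribution. */
bool checked_accepts(const int *seg_distr, size_t regions)
{
	fill_ramp(&g_in);
	return translate_checked(seg_distr, regions, &g_in, g_out_a);
}

/* On input that fits, the check changes nothing: both loops build the same table. */
bool checked_matches_unchecked_on_safe_input(void)
{
	if (points_for_regions(SAFE_DISTR, 8) > TRANSFER_FUNC_POINTS)
		return false;                /* never run the unchecked loop on unsafe input */
	fill_ramp(&g_in);
	translate_unchecked(SAFE_DISTR, 8, &g_in, g_out_a);
	if (!translate_checked(SAFE_DISTR, 8, &g_in, g_out_b))
		return false;
	return memcmp(g_out_a, g_out_b, sizeof g_out_a) == 0 &&
	       g_out_b[TRANSFER_FUNC_POINTS - 1].blue == 3u * (TRANSFER_FUNC_POINTS - 1);
}
```

The EDGE_DISTR case is the one worth remembering when reviewing a fix of this kind: the loop body stays in bounds for every iteration and only the trailing write after the loop overruns, so a check that guards the loop but not the closing point would still be one element short. A kernel built with CONFIG_UBSAN_BOUNDS would report the unchecked copy as array-index-out-of-bounds at runtime; smatch found it statically without needing the input to be reachable.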
Potential Impact
For European organizations the exposure is limited to Linux systems that load the amdgpu driver for a GPU or APU with a DCN 3.x display block (the dcn30 code covers RDNA2-era Radeon parts) and that actually drive a display through it: workstations, laptops, kiosks and desktops, and any server with such a card and a configured output. The direct consequence of the bug is a read or write past fixed-size kernel arrays, so the baseline impact is instability or a kernel panic; the worst case, as with any kernel array overrun, is a local attacker turning the corruption into code execution in kernel context and from there full compromise of the host, its data and the credentials on it for lateral movement. Reaching the code requires programming the display colour pipeline, for example by setting a degamma LUT on a CRTC through the KMS atomic API; those ioctls need DRM master, which is normally held by the display server (X.org or a Wayland compositor), so an ordinary unprivileged process cannot call into this path directly and remote exploitation is not realistic. The practical attack surface is therefore a compromised or malicious compositor process, or a shared system where untrusted users can obtain the DRM primary node. Treat it as a real but bounded concern: a kernel update to take in the normal cycle, with higher priority on multi-user machines with AMD graphics.
Mitigation Recommendations
European organizations should apply the kernel update that carries the fix. The stable series that received the backport are listed in the CVE record, and distribution advisories map them to package versions, so verify against the package changelog rather than by kernel version string alone. Where an immediate upgrade is not possible, reduce who can reach the display pipeline: only the display server should hold DRM master on the primary node (/dev/dri/card*), so keep the default udev and logind seat ACLs rather than widening them, do not add untrusted users to the video group, and on compute-only hosts leave the card headless, since the degamma translation is only reached through display configuration. For detection, watch the kernel log for amdgpu or DC warnings and oopses that follow display reconfiguration; kernels built with CONFIG_UBSAN_BOUNDS report an overrun of this kind as an array-index-out-of-bounds message, which is useful on test systems. Keep AMD-equipped Linux hosts inside the normal kernel patch cycle and watch for any later report that the condition is reachable from untrusted input, which would raise the priority.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data version: 5.1
- Assigner short name: Linux
- Date reserved: 2024-10-21T12:17:06.026Z
- CISA enriched: true
- CVSS version: null (no score assigned)
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe091f
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/28/2025, 9:25:14 PM
Last updated: 8/12/2025, 3:12:40 AM