CVE-2024-39471 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return -EINVAL.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:7001	2024-09-24T00:00:00Z
kernel-0:4.18.0-553.22.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:7000	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-503.11.1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z
kernel-0:5.14.0-503.11.1.el9_5	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:9315	2024-11-12T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46
https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3
https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8
https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691
https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f
https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520
https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a
https://lore.kernel.org/linux-cve-announce/2024062501-CVE-2024-39471-3dee@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-39471
https://www.cve.org/CVERecord?id=CVE-2024-39471

History

Wed, 13 Nov 2024 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Tue, 24 Sep 2024 11:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:8

Tue, 24 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv
Vendors & Products		Redhat Redhat enterprise Linux

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 03 Sep 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-25T14:28:56.906Z

Updated: 2025-05-21T09:12:46.024Z

Reserved: 2024-06-25T14:23:23.745Z

Link: CVE-2024-39471

Vulnrichment

Updated: 2024-08-02T04:26:15.268Z

NVD

Status : Modified

Published: 2024-06-25T15:15:15.490

Modified: 2024-11-21T09:27:44.163

Link: CVE-2024-39471

Redhat

Severity : Moderate

Publid Date: 2024-06-25T00:00:00Z

Links: CVE-2024-39471 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39471", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-25T14:23:23.745Z", "datePublished": "2024-06-25T14:28:56.906Z", "dateUpdated": "2025-05-21T09:12:46.024Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-21T09:12:46.024Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add error handle to avoid out-of-bounds\n\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"], "versions": [{"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "5594971e02764aa1c8210ffb838cb4e7897716e8", "status": "affected", "versionType": "git"}, {"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "8112fa72b7f139052843ff484130d6f97e9f052f", "status": "affected", "versionType": "git"}, {"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "ea906e9ac61e3152bef63597f2d9f4a812fc346a", "status": "affected", "versionType": "git"}, {"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "011552f29f20842c9a7a21bffe1f6a2d6457ba46", "status": "affected", "versionType": "git"}, {"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "5b0a3dc3e87821acb80e841b464d335aff242691", "status": "affected", "versionType": "git"}, {"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "0964c84b93db7fbf74f357c1e20957850e092db3", "status": "affected", "versionType": "git"}, {"version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "8b2faf1a4f3b6c748c0da36cda865a226534d520", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"], "versions": [{"version": "5.4", "status": "affected"}, {"version": "0", "lessThan": "5.4", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.278", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.219", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.94", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.34", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.5", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.4.278"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.10.219"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.15.161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.1.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.6.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.9.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"}, {"url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"}, {"url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"}, {"url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"}, {"url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"}, {"url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"}, {"url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"}], "title": "drm/amdgpu: add error handle to avoid out-of-bounds", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.268Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39471", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:07:48.948392Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:41.543Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.268Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39471", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:07:48.948392Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:25.232Z"}}], "cna": {"title": "drm/amdgpu: add error handle to avoid out-of-bounds", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "5594971e02764aa1c8210ffb838cb4e7897716e8", "versionType": "git"}, {"status": "affected", "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "8112fa72b7f139052843ff484130d6f97e9f052f", "versionType": "git"}, {"status": "affected", "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "ea906e9ac61e3152bef63597f2d9f4a812fc346a", "versionType": "git"}, {"status": "affected", "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "011552f29f20842c9a7a21bffe1f6a2d6457ba46", "versionType": "git"}, {"status": "affected", "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "5b0a3dc3e87821acb80e841b464d335aff242691", "versionType": "git"}, {"status": "affected", "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "0964c84b93db7fbf74f357c1e20957850e092db3", "versionType": "git"}, {"status": "affected", "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9", "lessThan": "8b2faf1a4f3b6c748c0da36cda865a226534d520", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.4"}, {"status": "unaffected", "version": "0", "lessThan": "5.4", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.278", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.219", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.161", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.94", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.34", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.5", "versionType": "semver", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"}, {"url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"}, {"url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"}, {"url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"}, {"url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"}, {"url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"}, {"url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add error handle to avoid out-of-bounds\n\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.278", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.219", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.161", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.94", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.34", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9.5", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10", "versionStartIncluding": "5.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-21T09:12:46.024Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39471", "state": "PUBLISHED", "dateUpdated": "2025-05-21T09:12:46.024Z", "dateReserved": "2024-06-25T14:23:23.745Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-25T14:28:56.906Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B755DA3-6492-4165-BE2F-55FB23D6D019", "versionEndExcluding": "5.4.278", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9", "versionEndExcluding": "5.10.219", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2", "versionEndExcluding": "5.15.161", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D20DE32-76F8-4E4C-A8DF-5B53082D18E5", "versionEndExcluding": "6.1.94", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BD9DCFD-0342-4039-B8CE-70F26DB7173B", "versionEndExcluding": "6.6.34", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8366481F-770F-4850-9D0F-2977BD97D5C5", "versionEndExcluding": "6.9.5", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add error handle to avoid out-of-bounds\n\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amdgpu: agregue un controlador de error para evitar lecturas fuera de los l\u00edmites si sdma_v4_0_irq_id_to_seq devuelve -EINVAL, el proceso debe detenerse para evitar lecturas fuera de los l\u00edmites, por lo que debe regresar directamente -EINVAL."}], "id": "CVE-2024-39471", "lastModified": "2024-11-21T09:27:44.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-25T15:15:15.490", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: drm/amdgpu: add error handle to avoid out-of-bounds", "id": "2294313", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294313"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amdgpu: add error handle to avoid out-of-bounds\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL."], "name": "CVE-2024-39471", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-39471\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39471\nhttps://lore.kernel.org/linux-cve-announce/2024062501-CVE-2024-39471-3dee@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object