Improper Validation of Array Index Affecting perf package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-PERF-8182441
- published 11 Oct 2024
- disclosed 9 Oct 2024
Introduced: 9 Oct 2024
CVE-2024-46871 Open this link in a new tabHow to fix?
There is no fixed version for RHEL:8
perf
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream perf
package and not the perf
package as distributed by RHEL
.
See How to fix?
for RHEL:8
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX
[Why & How] It actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller number to create array dmub_callback & dmub_thread_offload has potential to access item out of array bound. Fix it.
References
- https://access.redhat.com/security/cve/CVE-2024-46871
- https://git.kernel.org/stable/c/800a5ab673c4a61ca220cce177386723d91bdb37
- https://git.kernel.org/stable/c/9f404b0bc2df3880758fb3c3bc7496f596f347d7
- https://git.kernel.org/stable/c/ad28d7c3d989fc5689581664653879d664da76f0
- https://git.kernel.org/stable/c/c592b6355b9b57b8e59fc5978ce1e14f64488a98