CVE-2021-47348

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Avoid HDCP over-read and corruption

Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so instead use an appropriately sized and zero-initialized bounce buffer, and read only 5 bytes before casting to u64.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4c283fdac08abf3211533f70623c90a34f41d08d < c5b518f4b98dbb2bc31b6a55e6aaa1e0e2948f2eaffected
LinuxLinux4c283fdac08abf3211533f70623c90a34f41d08d < 44c7c901cb368a9f2493748f213b247b5872639faffected
LinuxLinux4c283fdac08abf3211533f70623c90a34f41d08d < 3b2b93a485fb7a970bc8b5daef16f4cf579d172faffected
LinuxLinux4c283fdac08abf3211533f70623c90a34f41d08d < 06888d571b513cbfc0b41949948def6cb81021b2affected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux5.10.51 <= 5.10.*unaffected
LinuxLinux5.12.18 <= 5.12.*unaffected
LinuxLinux5.13.3 <= 5.13.*unaffected
LinuxLinux5.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References