CVE-2024-39291

Summary

CVE-2024-39291: A vulnerability in the Linux kernel's drm/amdgpu driver has been addressed. The issue was caused by a buffer size inconsistency in the functions gfx_v9_4_3_init_cp_compute_microcode() and rlc_microcode(). The 'ucode_prefix' buffer, which was supposed to accommodate the string "amdgpu/%s_mec.bin" or "amdgpu/%s_rlc.bin", was found to be too small due to the assumption that 'chip_name' would never exceed 29 characters. Consequently, the use of snprintf function could lead to potential truncation or buffer overflow. To mitigate this, the size of the 'ucode_prefix' buffer has been reduced from 30 to 15 characters. This update ensures that the buffer will not exceed its size, thereby preventing truncation and potential buffer overflow issues. The warning messages indicated that the 'snprintf' directive could write up to 29 bytes into a region of size 23 or 30.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.