Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 bytes via memset without checking the buffer size parameter. This allows unprivileged userspace to trigger an out-of bounds kernel memory write by passing a small buffer, leading to potential privilege escalation.
Product status
0fc8011f89feb8b2c3008583b777d097e1974660 (git) before 3e04bc310d80b46eaf481f1fefcbcb37a187412d
0fc8011f89feb8b2c3008583b777d097e1974660 (git) before de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f
0fc8011f89feb8b2c3008583b777d097e1974660 (git) before b4034442cb090e4a980bdcc1540948606cbc951b
0fc8011f89feb8b2c3008583b777d097e1974660 (git) before 4857c37c7ba9aa38b9a4c694e8bd8d0091c87940
0fc8011f89feb8b2c3008583b777d097e1974660 (git) before 75fb57efdd7863fffbc39db23e9cad7aafda26ed
0fc8011f89feb8b2c3008583b777d097e1974660 (git) before bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b
0fc8011f89feb8b2c3008583b777d097e1974660 (git) before 4e72f419e4ed44cb3b60506752d8688c20a60a9b
0fc8011f89feb8b2c3008583b777d097e1974660 (git) before 8a70a26c9f34baea6c3199a9862ddaff4554a96d
4.17
Any version before 4.17
5.10.252 (semver)
5.15.202 (semver)
6.1.165 (semver)
6.6.128 (semver)
6.12.75 (semver)
6.18.16 (semver)
6.19.6 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/3e04bc310d80b46eaf481f1fefcbcb37a187412d
git.kernel.org/...c/de8d7a25cd2eb5875b1d8d4fbc7fe4b4138b781f
git.kernel.org/...c/b4034442cb090e4a980bdcc1540948606cbc951b
git.kernel.org/...c/4857c37c7ba9aa38b9a4c694e8bd8d0091c87940
git.kernel.org/...c/75fb57efdd7863fffbc39db23e9cad7aafda26ed
git.kernel.org/...c/bfcd6b53e1f4feb182952f4ff9a137c36ceaf20b
git.kernel.org/...c/4e72f419e4ed44cb3b60506752d8688c20a60a9b
git.kernel.org/...c/8a70a26c9f34baea6c3199a9862ddaff4554a96d