CVE-2021-47046

HIGH

Linux Kernel - Off-by-One Read Overflow in HDCP I2C Offset Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi_14_process_transaction() The hdcp_i2c_offsets[] array did not have an entry for HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one read overflow. I added an entry and copied the 0x0 value for the offset from similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. I also declared several of these arrays as having HDCP_MESSAGE_ID_MAX entries. This doesn't change the code, but it's just a belt and suspenders approach to try future proof the code.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138

Patch

https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5

Patch

https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7

Patch

https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1

Scores

CVSS v3 7.8

EPSS 0.0024

EPSS Percentile 15.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-193

Status published

Products (11)

Linux/Linux < 5.5

Linux/Linux 4c283fdac08abf3211533f70623c90a34f41d08d - 080bd41d6478a64edf96704fddcda52b1fd5fed7

Linux/Linux 4c283fdac08abf3211533f70623c90a34f41d08d - 403c4528e5887af3deb9838cb77a557631d1e138

Linux/Linux 4c283fdac08abf3211533f70623c90a34f41d08d - 6a58310d5d1e5b02d0fc9b393ba540c9367bced5

Linux/Linux 4c283fdac08abf3211533f70623c90a34f41d08d - 8e6fafd5a22e7a2eb216f5510db7aab54cc545c1

Linux/Linux 5.10.37 - 5.10.*

Linux/Linux 5.11.21 - 5.11.*

Linux/Linux 5.12.4 - 5.12.*

Linux/Linux 5.13

Linux/Linux 5.5

... and 1 more

Published Feb 28, 2024

Tracked Since Feb 18, 2026