CVE-2024-52559

MEDIUM

Linux Kernel - Integer Overflow in drm/msm/gem via msm_ioctl_gem_submit

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32 values that come from the user via the submit_lookup_cmds() function. This addition could lead to an integer wrapping bug so use size_add() to prevent that. Patchwork: https://patchwork.freedesktop.org/patch/624696/

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/2b99b2c4621d13bd4374ef384e8f1fc188d0a5df

Patch

https://git.kernel.org/stable/c/2f1845e46c41ed500789d53dc45b383b7745c96c

Patch

https://git.kernel.org/stable/c/e43a0f1327a1ee70754f8a0de6e0262cfa3e0b87

Patch

https://git.kernel.org/stable/c/3a47f4b439beb98e955d501c609dfd12b7836d61

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 10.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (14)

linux/Kernel 3.12.0 - 6.6.80linux

linux/Kernel 6.13.0 - 6.13.4linux

linux/Kernel 6.7.0 - 6.12.16linux

Linux/Linux < 3.12

Linux/Linux 198725337ef1f73b73e7dc953c6ffb0799f26ffe - 2b99b2c4621d13bd4374ef384e8f1fc188d0a5df

Linux/Linux 198725337ef1f73b73e7dc953c6ffb0799f26ffe - 2f1845e46c41ed500789d53dc45b383b7745c96c

Linux/Linux 198725337ef1f73b73e7dc953c6ffb0799f26ffe - 3a47f4b439beb98e955d501c609dfd12b7836d61

Linux/Linux 198725337ef1f73b73e7dc953c6ffb0799f26ffe - e43a0f1327a1ee70754f8a0de6e0262cfa3e0b87

Linux/Linux 3.12

Linux/Linux 6.12.16 - 6.12.*

... and 4 more

Published Feb 27, 2025

Tracked Since Feb 18, 2026