Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi_14_process_transaction() The hdcp_i2c_offsets[] array did not have an entry for HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one read overflow. I added an entry and copied the 0x0 value for the offset from similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. I also declared several of these arrays as having HDCP_MESSAGE_ID_MAX entries. This doesn't change the code, but it's just a belt and suspenders approach to try future proof the code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.5, < 5.10.37 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7Patch
- https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138Patch
- https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5Patch
- https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1Patch
- https://git.kernel.org/stable/c/080bd41d6478a64edf96704fddcda52b1fd5fed7Patch
- https://git.kernel.org/stable/c/403c4528e5887af3deb9838cb77a557631d1e138Patch
- https://git.kernel.org/stable/c/6a58310d5d1e5b02d0fc9b393ba540c9367bced5Patch
- https://git.kernel.org/stable/c/8e6fafd5a22e7a2eb216f5510db7aab54cc545c1Patch
FAQ
What is CVE-2021-47046?
CVE-2021-47046 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi_14_process_transaction() The hdcp_i2c_offsets[] array did not have an entry for HDCP_MESSA...
How severe is CVE-2021-47046?
CVE-2021-47046 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-47046?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.