{"vulnerability": "CVE-2024-44993", "sightings": [{"uuid": "736b6cbe-c087-4edf-a7b9-0b0cc1c84521", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-44993", "type": "seen", "source": "https://t.me/cvedetector/4857", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-44993 - Raspberry Pi 5 UAPI Array Index Out-of-Bounds Vulnerability in Linux drm/v3d\", \n  \"Content\": \"CVE ID : CVE-2024-44993 \nPublished : Sept. 4, 2024, 8:15 p.m. | 27\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`  \n  \nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:  \n  \n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3  \n[  387.903868] index 7 is out of range for type '__u32 [7]'  \n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151  \n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)  \n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]  \n[  387.932525] Call trace:  \n[  387.935296]  dump_backtrace+0x170/0x1b8  \n[  387.939403]  show_stack+0x20/0x38  \n[  387.942907]  dump_stack_lvl+0x90/0xd0  \n[  387.946785]  dump_stack+0x18/0x28  \n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0  \n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]  \n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]  \n[  387.966862]  process_one_work+0x62c/0xb48  \n[  387.971296]  worker_thread+0x468/0x5b0  \n[  387.975317]  kthread+0x1c4/0x1e0  \n[  387.978818]  ret_from_fork+0x10/0x20  \n[  387.983014] ---[ end trace ]---  \n  \nThis happens because the UAPI provides only seven configuration  \nregisters and we are reading the eighth position of this u32 array.  \n  \nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by  \naccessing only seven positions on the '__u32 [7]' array. The eighth  \nregister exists indeed on V3D 7.1, but it isn't currently used. That  \nbeing so, let's guarantee that it remains unused and add a note that it  \ncould be set in a future patch. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T22:47:23.000000Z"}]}