CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-52557: drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()

Description

In the Linux kernel, the following vulnerability has been resolved:

drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()

This patch fixes a potential integer overflow in the zynqmp_dp_rate_get()

The issue comes up when the expression
drm_dp_bw_code_to_link_rate(dp->test.bw_code) * 10000 is evaluated using 32-bit
Now the constant is a compatible 64-bit type.

Resolves coverity issues: CID 1636340 and CID 1635811

Classification

CVE ID: CVE-2024-52557

Affected Products

Vendor: Linux, Linux

Product: Linux, Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.43% (scored less or equal to compared to others)

EPSS Date: 2025-03-27 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-52557
https://git.kernel.org/stable/c/325d889c5403ba20a24097f64c32d27ab993c2c3
https://git.kernel.org/stable/c/67a615c5cb6dc33ed35492dc0d67e496cbe8de68

Timeline

2025-02-27 03:40:20 UTC
CVE

drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()