In the Linux kernel, the following vulnerability has been resolved:
drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()
The "submit->cmd[i].size" and "submit->cmd[i].offset" variables are u32
values that come from the user via the submit_lookup_cmds() function.
This addition could lead to an integer wrapping bug so use size_add()
to prevent that.
Patchwork: https://patchwork.freedesktop.org/patch/624696/
CVE ID: CVE-2024-52559
Vendor: Linux, Linux
Product: Linux, Linux
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 2.04% (scored less or equal to compared to others)
EPSS Date: 2025-03-27 (when was this score calculated)