SUSE: CVE-2021-47046: SUSE Linux Security Advisory
Description
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi_14_process_transaction() The hdcp_i2c_offsets[] array did not have an entry for HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one read overflow. I added an entry and copied the 0x0 value for the offset from similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. I also declared several of these arrays as having HDCP_MESSAGE_ID_MAX entries. This doesn't change the code, but it's just a belt and suspenders approach to try future proof the code.
Solution(s)
- suse-upgrade-kernel-64kb
- suse-upgrade-kernel-64kb-devel
- suse-upgrade-kernel-default
- suse-upgrade-kernel-default-base
- suse-upgrade-kernel-default-devel
- suse-upgrade-kernel-devel
- suse-upgrade-kernel-docs
- suse-upgrade-kernel-macros
- suse-upgrade-kernel-obs-build
- suse-upgrade-kernel-preempt
- suse-upgrade-kernel-preempt-devel
- suse-upgrade-kernel-source
- suse-upgrade-kernel-syms
- suse-upgrade-kernel-zfcpdump
- suse-upgrade-reiserfs-kmp-default
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center