Updated: 2026-02-27 00:19:42.680585
Description:
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' The issue arises when the array 'adev->vcn.vcn_config' is accessed before checking if the index 'adev->vcn.num_vcn_inst' is within the bounds of the array. The fix involves moving the bounds check before the array access. This ensures that 'adev->vcn.num_vcn_inst' is within the bounds of the array before it is used as an index. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 amdgpu_discovery_reg_base_init() error: testing array offset 'adev->vcn.num_vcn_inst' after use.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1747725447 | 2025-05-21 01:46:27 | |
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2025-09-26 14:57:31 | Not affected — this CVE is limited to the AMDGPU DRM kernel driver (amdgpu_discovery_reg_base_init... | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-09-16 13:36:00 | Not affected: CVE-2024-27042 targets the AMDGPU DRM driver’s VCN discovery path introduced in Linu... | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2026-02-22 11:05:44 | CVE-2024-27042 is limited to the AMDGPU DRM driver’s VCN discovery routine (amdgpu_discovery_reg_b... | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2026-02-22 11:05:45 | CVE-2024-27042 is limited to the AMDGPU DRM driver’s VCN discovery routine (amdgpu_discovery_reg_b... | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2026:1770032032 | 2026-02-02 16:28:51 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Ignored | 2025-09-23 10:22:50 | Postponed until request or high risk detected | |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Ignored | 2025-09-23 10:22:46 | Postponed until request or high risk detected | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2025-11-02 10:33:25 | Not affected — this CVE is limited to the AMDGPU DRM kernel driver (amdgpu_discovery_reg_base_init... |