2025-06-18 11:03:32
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() The last case label can write two buffers mc_reg_address[j] and mc_data[j] with j offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE since there are no checks for this value in both case labels after the last j++. Instead of changing > to >= there, add the bounds check at the start of the second case (the first one already has it). Also, remove redundant last checks for j index bigger than array size. The expression is always false. Moreover, before or after the patch table->last can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it seems it can be a valid value. Detected using the static analysis tool - Svace.