CVE-2024-46971 GPU DDK - UAF of memory in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems

Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU...

CVE-2024-46971

CVE-2024-46971 affects the Imagination GPU Driver. A UAF (use-after-free) in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems may allow a non-privileged local user to conduct GPU system calls that read and write freed GPU memory. The issue is described as a local impact w...

USN-7159-1 linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-raspi, linux-xilinx-zynqmp vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - S390 architecture; - x86 architecture; - Power management core; - GPU...

USN-7155-1: Linux kernel (NVIDIA) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; -...

USN-7154-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; -...

USN-7154-1 linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; -...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7159-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7159-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

The vulnerability of the NVIDIA GPU Display Driver software driver allows a hacker to enhance their privileges and execute arbitrary code.

The vulnerability of the NVIDIA GPU Display Driver software driver is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel vulnerabilities (USN-7154-1)

"The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7154-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host.

...

Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: Update to version 20241128 git commit ea71da6f0690: i915: Update Xe2LPD DMC to v2.24 cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops iwlwifi: add Bz-gf FW for core89-91 release amdgpu: update smu 13.0.10 firmwar...

NVIDIA GPU Display Driver October 2024 Security Update

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows, which might allow code execution, denial of service, escalation of privileges, information disclosure, and data tampering. NVIDIA has released updates to mitigate these...

CVE-2024-53116

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where t...

CVE-2024-53116

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where t...

CVE-2024-53116 drm/panthor: Fix handling of partial GPU mapping of BOs

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where t...

CVE-2024-53116

CVE-2024-53116 concerns the Linux kernel panic/warning scenario in the Panthor DRM/GPU VM path. The description documents a bug in partial GPU mapping of buffer objects (BOs) where Panthor failed to correctly handle mappings that span multiple scatterlists and where the mapping offset did not sta...

CVE-2024-53116

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where t...

CVE-2024-53116 drm/panthor: Fix handling of partial GPU mapping of BOs

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where t...

CVE-2024-43048

Memory corruption when invalid input is passed to invoke GPU Headroom API call...

CVE-2024-43048

CVE-2024-43048 concerns memory corruption caused by invalid input to the GPU Headroom API call in Qualcomm closed‑source components. The available documents indicate a local attack vector with low privileges and no user interaction, and the CVSS 3.1 vector quotes a high impact on confidentiality,...