UBUNTU-CVE-2022-49421

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfbofvramsetup ofparsephandle returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

PT-2024-32144

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to overmapping the identity VRAM mapping in the Linux kernel, which triggers hardware bugs on certain platforms. To resolve this, 2M pages are used for the last...

DEBIAN-CVE-2023-52825

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix a race condition of vram buffer unref in svm code prange-svmbo unref can happen in both mmu callback and a callback after migrate to system ram. Both are async call in different tasks. Sync svmbo unref operation t...

SUSE CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...

DEBIAN-CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...

SUSE CVE-2011-1016

The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with 1 Video RAM aka VRAM or 2 the Graphics Translation Table GTT via crafted values...

Xen Inverted Conditional DoS (XSA-319)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference ...

CVE-2020-15563

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HV...

DEBIAN-CVE-2020-15563

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HV...

UBUNTU-CVE-2020-15563

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HV...

CVE-2020-15563

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HV...

DEBIAN-CVE-2014-7154

Race condition in HVMOPtrackdirtyvram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors...

CVE-2014-7154

Race condition in HVMOPtrackdirtyvram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors...

Race condition in HVMOP_track_dirty_vram

ISSUE DESCRIPTION The routine controlling the setup of dirty video RAM tracking latches the value of a pointer before taking the respective guarding lock, thus making it possible for a stale pointer to be used by the time the lock got acquired and the pointer gets dereferenced. The hypercall...

DEBIAN-CVE-2012-5511

Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service crash via a large bitmap image...

CVE-2012-5511

Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service crash via a large bitmap image...

CVE-2012-5511

Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service crash via a large bitmap image...

kernel: drm/radeon/kms: check AA resolve registers on r300

The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with 1 Video RAM aka VRAM or 2 the Graphics Translation Table GTT via crafted values...

CVE-2011-1016

The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with 1 Video RAM aka VRAM or 2 the Graphics Translation Table GTT via crafted values...