AZL-53778 CVE-2023-52921 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpucspass1 Since the gangsize check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang @VAR10CK of Baidu Security...

UBUNTU-CVE-2023-52921

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpucspass1 Since the gangsize check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang @VAR10CK of Baidu Security...

CVE-2024-50282 drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpudebugfsgprwaveread Avoid a possible buffer overflow if size is larger than 4K. cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434...

CVE-2023-52921 drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpucspass1 Since the gangsize check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang @VAR10CK of Baidu Security...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing size check in the amdgpudebugfsgprwaveread function. No details of the vulnerability are provided ...

The vulnerability of Linux operating system’s DRM/AMDGPU cores allows a hacker to trigger a service failure.

The vulnerability of the DRM/AMDGPU kernel components in the Linux operating system is related to errors in the resource management of the amdgputtmgartbind function. Exploiting this vulnerability can allow a hacker to cause service failures...

OESA-2024-2423 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer dereference in trace ucsiregisteraltmode checks ISERR for the alt pointer and treats NULL as valid. When CONFIGTYPECDPALTMODE ...

Fedora 41 : linux-firmware (2024-3cd42e9e29)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3cd42e9e29 advisory. Update to upstream 20240909: i915: Update MTL DMC v2.23 cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops amdgpu: Revert sienna cichlid...

kernel: drm/amdgpu: use-after-free vulnerability

A failure flaw was found in the Linux kernel’s AMDGPU driver in how a user sends ioctl with an invalid address and size when using the AMD GPU. This flaw allows a local user to crash the system...

kernel: drm/amdgpu: use-after-free vulnerability

A failure flaw was found in the Linux kernel’s AMDGPU driver in how a user sends ioctl with an invalid address and size when using the AMD GPU. This flaw allows a local user to crash the system...

kernel: drm/amdgpu: use-after-free vulnerability

A failure flaw was found in the Linux kernel’s AMDGPU driver in how a user sends ioctl with an invalid address and size when using the AMD GPU. This flaw allows a local user to crash the system...

CLSA-2024-1731431756 kernel: Fix of 30 CVEs

tty: ngsm: Fix use-after-free in gsmcleanupmux CVE-2024-50073 - drm/amdkfd: amdkfdfreegttmem clear the correct pointer CVE-2024-49991 - ext4: fix timer use-after-free on failed mount CVE-2024-49960 - ext4: avoid use-after-free in ext4extshowleaf CVE-2024-49889 - ext4: fix slab-use-after-free in...

kernel: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()

No description is available for this CVE...

kernel: drm/amdgpu: change vm->task_info handling

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm-taskinfo handling This patch changes the handling and lifecycle of vm-taskinfo object. The major changes are: - vm-taskinfo is a dynamically allocated ptr now, and its uasge is reference counted. - introduci...

kernel: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()

A vulnerability was found in the amdgpurasqueryerrorstatushelper function in the Linunx kernel which could lead to a possible NULL pointer dereference, causing data corruption or crashes...

kernel: drm/amdgpu: Fix potential null pointer derefernce

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpurasgetcontext may return NULL if device not support ras feature, so add check before using...

kernel: drm/amdgpu: fix deadlock while reading mqd from debugfs

A flaw was found in the drm/amdgpu subsystem in the Linux kernel, involving a deadlock occurring when reading the Memory Queue Descriptor MQD from debugfs. This issue could cause the system to hang during debug operations...

kernel: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgputtmgartbind set gtt bound flag The Linux kernel CVE team has assigned CVE-2024-35817 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051743-CVE-2024-35817-d29b@gregkh/T...

kernel: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfxv943init cpcomputemicrocode and rlcmicrocode The function gfxv943initmicrocode in gfxv943.c was generating about potential truncation of output when using the snprintf function. The issue was due...

kernel: drm/amdgpu: avoid using null object of framebuffer

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state-fb-obj0 directly, get object from framebuffer by calling drmgemfbgetobj and return error code when object is null to avoid using null object of framebuffer...