kernel: drm/amdgpu: fix double free err_addr pointer warnings

A vulnerability was found in the amdgpuumchandlebadpages function in the Linux kernel's amdgpu driver. If the function is called multiple times in quick succession, a double free error can occur because the errdata-erraddr pointer that is being freed is not being set to NULL in between calls. Thi...

kernel: drm/amdgpu: validate the parameters of bo mapping operations more clearly

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpuvmbomap/replacemap/clearingmappings in one common place...

kernel: drm/amdkfd: lock dependency warning with srcu

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp 2289 Not tainted...

kernel: drm/amdgpu/mes: fix use-after-free issue

A flaw was found in the Linux kernel. This issue is due to a possible use-after-free in drivers/gpu/drm/amd/amdgpu/amdgpumes.c...

kernel: drm/amdgpu: variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix variable 'mcafuncs' dereferenced before NULL check in 'amdgpumcasmugetmcaentry' Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpumca.c:377 amdgpumcasmugetmcaentry warn: variable dereferenced before check 'mcafunc...

kernel: drm/amdgpu: Skip do PCI error slot reset during RAS recovery

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery The Linux kernel CVE team has assigned CVE-2024-35931 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051916-CVE-2024-35931-430d@gregkh...

kernel: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'

An out-of-bounds access flaw was found in drivers/gpu/drm/amd/amdgpu/amdgpudiscovery.c in the Linux kernel. This issue may lead to a crash...

kernel: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit

A flaw was found in the Linux kernel. The IH OVERFLOWCLEAR bit was not reset...

kernel: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

A vulnerability was found in the Linux kernel's amdgpu driver in the amdgpuvceringparsecs function where the size variable is initialized with a pointer that may not be properly set before use. This issue could lead to unpredictable behavior in the system...

kernel: drm/amdgpu: add error handle to avoid out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdmav40irqidtoseq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return -EINVAL...

kernel: drm/amdgpu: use-after-free vulnerability

A failure flaw was found in the Linux kernel’s AMDGPU driver in how a user sends ioctl with an invalid address and size when using the AMD GPU. This flaw allows a local user to crash the system...

kernel: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smcrreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpuregssmc file could result in an abnormal null pointer access when the smcrreg pointer is NULL...

UBUNTU-CVE-2024-50221

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Vangogh: Fix kernel memory out of bounds write KASAN reports that the GPU metrics table allocated in vangoghtablesinit is not large enough for the memset done in smucmninitsoftgpumetrics. Condensed report follows:...

CVE-2024-50221 drm/amd/pm: Vangogh: Fix kernel memory out of bounds write

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Vangogh: Fix kernel memory out of bounds write KASAN reports that the GPU metrics table allocated in vangoghtablesinit is not large enough for the memset done in smucmninitsoftgpumetrics. Condensed report follows:...

drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)

...

AZL-54066 CVE-2024-50177 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursorwidth is explicity set to 0, this causes calculation logic to trigger overflow for an unsigned int triggering the kernel's UBSAN check as...

UBUNTU-CVE-2024-50177

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursorwidth is explicity set to 0, this causes calculation logic to trigger overflow for an unsigned int triggering the kernel's UBSAN check as...

The vulnerability of the link_destruct() function in the amdgpu driver of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the linkdestruct function in the drivers/gpu/drm/amd/display/dc/link/linkfactory.c file of the amdgpu kernel in the Linux operating system is related to the re-release of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the...

The vulnerability of the dmub_callback and dmub_thread_offload functions in Linux kernel allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the dmubcallback and dmubthreadoffload functions defined in the drivers/gpu/drm/amd/display/amdgpudm/amdgpudm.h header of the Linux kernel’s CPU is related to insufficient memory allocation, which leads to memory reading beyond the allocated buffer. Exploiting this...

AZL-52471 CVE-2024-50117 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ? showregs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...