AMD INVD Instruction Security Notice
Bulletin ID: AMD-SB-3005. Potential Impact: Memory integrity. Severity: Medium. Summary: External researchers reported a potential vulnerability with the INVD instruction that may lead to a loss of SEV-ES and SEV-SNP guest virtual machine (VM) memory integrity. CVE Details: Refer to Glossary for...
The vulnerability of the `tic4x_print_cond` function in the `opcodes/tic4x-dis.c` component of the GNU Binutils development environment allows a hacker to access confidential data.
The vulnerability of the `tic4x_print_cond` function in the `opcodes/tic4x-dis.c` component of the GNU Binutils development environment is related to memory initialization errors. Exploiting this vulnerability allows an attacker to gain access to confidential data...
AMD Client Vulnerabilities – November 2023
Bulletin ID: AMD-SB-4002. Potential Impact: Varies by CVE, see descriptions below. Severity: Varies by CVE, see descriptions below. Summary: Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were reported, and mitigations are being...
No token whitelist leaves rageQuit() vulnerable to malicious ERC20 token contracts
Lines of code Vulnerability details A malicious actor can exploit the PartyGovernanceNFT.sol::rageQuit function by specifying a malicious IERC20 contract in the withdrawTokens array. The malicious contract could "donate" tokens to the proxy contract to pass the balance check here and when the...
kernel: Kernel (iommufd): Information Disclosure via uninitialized memory padding
A flaw was found in the kernel. A local attacker could exploit this by triggering a missing zero initialization in the iommufd component when copying vfio_iommu_type1_info to user space. This could lead to the disclosure of sensitive information from uninitialized memory padding...
kernel: drm: amd: display: Fix memory leakage
A memory leak flaw was found in the Linux kernel's AMD display driver in the display context construction logic. A local user can trigger this issue during AMD GPU initialization when the dc_construct_ctx function fails to release allocated memory in error paths. This results in permanent memory...
kernel: net: wwan: iosm: fix NULL pointer dereference when removing device
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix NULL pointer dereference when removing device. In suspend and resume cycle, the removal and rescan of device ends up in NULL pointer dereference. During driver initialization, if the ipc_imem_wwan_channel_init fai...
kernel: drm/amd: fix potential memory leak
A memory leak was found in the Linux kernel's AMD display driver in the clock source initialization logic. When the initialization function encounters an error in its final return path, allocated memory for the clk_src structure is not freed before returning NULL. This results in leaked memory tha...
kernel: nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net
A flaw was identified in the NFS server nfsd implementation in the Linux kernel where the initialization of the per-CPU reply_cache_stats counters was relocated incorrectly in the code path. This change can lead to use of uninitialized per-CPU statistical counters during NFS request handling when t...
kernel: net/sched: flower: fix filter idr initialization
A flaw was found in the Linux kernel’s networking traffic control flower classifier. The initialization of the filter IDR was moved too early in the fl_change path, allowing concurrent access by multiple users while the structure was still in an inconsistent state. Under certain conditions, this...
kernel: drm/amd/display: fix mapping to non-allocated address
An out-of-bounds array access was found in the AMD display driver in the Linux kernel. The driver allocates GPIO registers using incorrect bounds, leading to access of non-allocated memory addresses. This could cause kernel memory corruption or crashes during display initialization...
kernel: RDMA/rxe: Fix error unwind in rxe_create_qp()
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp(). In the function rxe_create_qp, rxe_qp_from_init is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req. If an error occurs before this point then t...
kernel: Linux kernel: NULL pointer dereference in drm/amdkfd leads to Denial of Service
A flaw was found in the Linux kernel. A local user could trigger a NULL pointer dereference within the drm/amdkfd component during error handling in the kfd_process_device_init_vm function. This vulnerability, a type of memory corruption, can lead to a system crash. Successful exploitation results in...
kernel: iommu/vt-d: Clean up si_domain in the init_dmars() error path
A memory leak flaw was found in the Linux kernel's Intel VT-d IOMMU driver in the initialization error path. A local user can trigger this issue when the init_dmars function fails during IOMMU setup, causing the si_domain memory to remain allocated without being freed. This results in a permanent...
kernel: irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init()
In the Linux kernel, the following vulnerability has been resolved: irqchip/wpcm450: Fix memory leak in wpcm450_aic_of_init(). If of_iomap failed, 'aic' should be freed before return. Otherwise there is a memory leak...
kernel: drm/amdkfd: Add sync after creating vram bo
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo. There will be data corruption on vram allocated by svm if the initialization is not complete and application is writing on the memory. Adding sync to wait for the initialization...
kernel: RDMA/rxe: Fix "kernel NULL pointer dereference" error
A NULL pointer dereference vulnerability was found in the RXE Soft-RoCE RDMA driver in the Linux kernel. When rxe_queue_init fails during queue pair initialization in rxe_qp_init_req, the task function and argument pointers qp->req.task.func and qp->req.task.arg remain uninitialized. The cleanup functio...
kernel: perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()
A resource-handling flaw was found in the Linux kernel performance monitoring driver for ARM System Memory Management Unit version 3 in the way hotplug callbacks are registered during driver initialization. If driver registration fails, previously added CPU hotplug callbacks are not removed,...
kernel: drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref due to drmm_mode_config_init(). drmm_mode_config_init will call drm_mode_create_standard_properties and won't check the ret value. When drm_mode_create_standard_properties failed due to alloc, property will be a...
kernel: ixgbevf: Fix resource leak in ixgbevf_init_module()
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module(). ixgbevf_init_module won't destroy the workqueue created by create_singlethread_workqueue when pci_register_driver failed. Add destroy_workqueue in fail path to prevent the resource leak...