CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46726 – drm/amd/display: Ensure index calculation will not overflow
https://notcve.org/view.php?id=CVE-2024-46726
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW] Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will never overflow and exceess array size. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure index calculation will not overflow [WHY & HOW] Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx... • https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46725 – drm/amdgpu: Fix out-of-bounds write warning
https://notcve.org/view.php?id=CVE-2024-46725
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning Check the ring type value to fix the out-of-bounds write warning In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning Check the ring type value to fix the out-of-bounds write warning It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bo... • https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46724 – drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
https://notcve.org/view.php?id=CVE-2024-46724
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error It was discovered that the CIFS network file system implementation in the Linux kernel did not pro... • https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46723 – drm/amdgpu: fix ucode out-of-bounds read warning
https://notcve.org/view.php?id=CVE-2024-46723
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning Clear warning that read ucode[] may out-of-bounds. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertsc... • https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46722 – drm/amdgpu: fix mc_data out-of-bounds read warning
https://notcve.org/view.php?id=CVE-2024-46722
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning Clear warning that read mc_data[i-1] may out-of-bounds. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbit... • https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46721 – apparmor: fix possible NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-46721
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet. BUG: kernel NULL pointer dereference, address: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU:... • https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46720 – drm/amdgpu: fix dereference after null check
https://notcve.org/view.php?id=CVE-2024-46720
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix dereference after null check check the pointer hive before use. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46719 – usb: typec: ucsi: Fix null pointer dereference in trace
https://notcve.org/view.php?id=CVE-2024-46719
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled. In ... • https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46717 – net/mlx5e: SHAMPO, Fix incorrect page release
https://notcve.org/view.php?id=CVE-2024-46717
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix incorrect page release Under the following conditions: 1) No skb created yet 2) header_size == 0 (no SHAMPO header) 3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the last page fragment of a SHAMPO header page) a new skb is formed with a page that is NOT a SHAMPO header page (it is a regular data page). Further down in the same function (mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page fr... • https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46716 – dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
https://notcve.org/view.php?id=CVE-2024-46716
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor. This fixes the path: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor which does not correctly free the descriptors as first n... • https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725 •