CVE-2024-50177 – drm/amd/display: fix a UBSAN warning in DML2.1
https://notcve.org/view.php?id=CVE-2024-50177
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursor_width is explicity set to 0, this causes calculation logic to trigger overflow for an unsigned int triggering the kernel's UBSAN check as below: [ 40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34 [ 40.962849] shift exponent 4294967170 is too large for 32-bit type 'unsigned int' [ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu [ 40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024 [ 40.962856] Call Trace: [ 40.962857] <TASK> [ 40.962860] dump_stack_lvl+0x48/0x70 [ 40.962870] dump_stack+0x10/0x20 [ 40.962872] __ubsan_handle_shift_out_of_bounds+0x1ac/0x360 [ 40.962878] calculate_cursor_req_attributes.cold+0x1b/0x28 [amdgpu] [ 40.963099] dml_core_mode_support+0x6b91/0x16bc0 [amdgpu] [ 40.963327] ? srso_alias_return_thunk+0x5/0x7f [ 40.963331] ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu] [ 40.963534] ? • https://git.kernel.org/stable/c/27bc3da5eae57e3af8f5648b4498ffde48781434 https://git.kernel.org/stable/c/eaf3adb8faab611ba57594fa915893fc93a7788c •
CVE-2024-50176 – remoteproc: k3-r5: Fix error handling when power-up failed
https://notcve.org/view.php?id=CVE-2024-50176
In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix error handling when power-up failed By simply bailing out, the driver was violating its rule and internal assumptions that either both or no rproc should be initialized. E.g., this could cause the first core to be available but not the second one, leading to crashes on its shutdown later on while trying to dereference that second instance. • https://git.kernel.org/stable/c/2a1ec20b174c0f613224c59e694639ac07308b53 https://git.kernel.org/stable/c/2494bc856e7ce50b1c4fd8afb4d17f2693f36565 https://git.kernel.org/stable/c/61f6f68447aba08aeaa97593af3a7d85a114891f https://git.kernel.org/stable/c/8ae2a10f5c7010ac82ab015cf864199093d61a7d https://git.kernel.org/stable/c/87ab3af7447791d0c619610fd560bd804549e187 https://git.kernel.org/stable/c/fc71c23958931713b5e76f317b76be37189f2516 https://git.kernel.org/stable/c/afd102bde99d90ef41e043c846ea34b04433eb7b https://git.kernel.org/stable/c/7afb5e3aa989c479979faeb18768a6788 •
CVE-2024-50171 – net: systemport: fix potential memory leak in bcm_sysport_xmit()
https://notcve.org/view.php?id=CVE-2024-50171
In the Linux kernel, the following vulnerability has been resolved: net: systemport: fix potential memory leak in bcm_sysport_xmit() The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb in case of dma_map_single() fails, add dev_kfree_skb() to fix it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: systemport: corrige una posible pérdida de memoria en bcm_sysport_xmit(). Bcm_sysport_xmit() devuelve NETDEV_TX_OK sin liberar skb en caso de que dma_map_single() falle. Agregue dev_kfree_skb() para solucionarlo. • https://git.kernel.org/stable/c/80105befdb4b8cea924711b40b2462b87df65b62 https://git.kernel.org/stable/c/8e81ce7d0166a2249deb6d5e42f28a8b8c9ea72f https://git.kernel.org/stable/c/31701ef0c4547973991ff63596c927f841dfd133 https://git.kernel.org/stable/c/b6321146773dcbbc372a54dbada67e0b50e0a25c https://git.kernel.org/stable/c/5febfc545389805ce83d37f9f4317055b26dd7d7 https://git.kernel.org/stable/c/533d2f30aef272dade17870a509521c3afc38a03 https://git.kernel.org/stable/c/4b70478b984af3c9d0279c121df5ff94e2533dbd https://git.kernel.org/stable/c/7d5030a819c3589cf9948b1eee397b626 •
CVE-2024-50168 – net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
https://notcve.org/view.php?id=CVE-2024-50168
In the Linux kernel, the following vulnerability has been resolved: net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb in case of skb->len being too long, add dev_kfree_skb() to fix it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sun3_82586: corrige una posible pérdida de memoria en sun3_82586_send_packet(). sun3_82586_send_packet() devuelve NETDEV_TX_OK sin liberar skb en caso de que skb->len sea demasiado largo, agrega dev_kfree_skb() para solucionarlo. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/137010d26dc5cd47cd62fef77cbe952d31951b7a https://git.kernel.org/stable/c/8d5b20fbc548650019afa96822b6a33ea4ec8aa5 https://git.kernel.org/stable/c/db755e55349045375c5c7036e8650afb3ff419d8 https://git.kernel.org/stable/c/9c6ce55e6f0bd1541f112833006b4052614c7d94 https://git.kernel.org/stable/c/1a17a4ac2d57102497fac53b53c666dba6a0c20d https://git.kernel.org/stable/c/6dc937a3086e344f965ca5c459f8f3eb6b68d890 https://git.kernel.org/stable/c/84f2bac74000dbb7a177d9b98a17031ec •
CVE-2024-50167 – be2net: fix potential memory leak in be_xmit()
https://notcve.org/view.php?id=CVE-2024-50167
In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skb in case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: be2net: corrige una posible pérdida de memoria en be_xmit(). Be_xmit() devuelve NETDEV_TX_OK sin liberar skb en caso de que be_xmit_enqueue() falle, agregue dev_kfree_skb_any() para solucionarlo. • https://git.kernel.org/stable/c/760c295e0e8d982917d004c9095cff61c0cbd803 https://git.kernel.org/stable/c/941026023c256939943a47d1c66671526befbb26 https://git.kernel.org/stable/c/6b7ce8ee01c33c380aaa5077ff25215492e7eb0e https://git.kernel.org/stable/c/77bc881d370e850b7f3cd2b5eae67d596b40efbc https://git.kernel.org/stable/c/919ab6e2370289a2748780f44a43333cd3878aa7 https://git.kernel.org/stable/c/4c5f170ef4f85731a4d43ad9a6ac51106c0946be https://git.kernel.org/stable/c/641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae https://git.kernel.org/stable/c/e86a79b804e26e3b7f1e415b22a085c0b •