CVE-2024-42121 – drm/amd/display: Check index msg_id before read or write
https://notcve.org/view.php?id=CVE-2024-42121
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index msg_id before read or write [WHAT] msg_id is used as an array index and it cannot be a negative value, and therefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1). [HOW] Check whether msg_id is valid before reading and setting. This fixes 4 OVERRUN issues reported by Coverity. • https://git.kernel.org/stable/c/b5b8837d066cc182ff69fb5629ad32ade5484567
CVE-2024-42120 – drm/amd/display: Check pipe offset before setting vblank
https://notcve.org/view.php?id=CVE-2024-42120
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessing the array. This fixes an OVERRUN issue reported by Coverity. • https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6
CVE-2024-42119 – drm/amd/display: Skip finding free audio for unknown engine_id
https://notcve.org/view.php?id=CVE-2024-42119
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it also means it is uninitialized and does not need free audio. [HOW] Skip and return NULL. This fixes 2 OVERRUN issues reported by Coverity. • https://git.kernel.org/stable/c/9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9
CVE-2024-42118 – drm/amd/display: Do not return negative stream id for array
https://notcve.org/view.php?id=CVE-2024-42118
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not return negative stream id for array [WHY] resource_stream_to_stream_idx returns an array index and it returns -1 when not found; however, -1 is not a valid array index number. [HOW] When this happens, call ASSERT(), and return a zero instead. This fixes an OVERRUN and a NEGATIVE_RETURNS issue reported by Coverity. • https://git.kernel.org/stable/c/a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0
CVE-2024-42117 – drm/amd/display: ASSERT when failing to find index by plane/stream id
https://notcve.org/view.php?id=CVE-2024-42117
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: ASSERT when failing to find index by plane/stream id [WHY] find_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id return an array index and they return -1 when not found; however, -1 is not a valid index number. [HOW] When this happens, call ASSERT(), and return a positive number (which is fewer than callers' array size) instead. This fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity. • https://git.kernel.org/stable/c/a9c047a5cf3135b8b66bd28fbe2c698b9cace0b3
CVE-2024-42115 – jffs2: Fix potential illegal address access in jffs2_free_inode
https://notcve.org/view.php?id=CVE-2024-42115
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode During the stress testing of the jffs2 file system, the following abnormal printouts were found: [ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948 [ 2430.649622] Mem abort info: [ 2430.649829] ESR = 0x96000004 [ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits [ 2430.650564] SET = 0, FnV = 0 [ 2430.650795] EA = 0, S1PTW = 0 [ 2430.6... • https://git.kernel.org/stable/c/b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8
CVE-2024-42114 – wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
https://notcve.org/view.php?id=CVE-2024-42114
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM") watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24] Modules linked in: irq event stamp: 131135 hardirqs last enabled at (131134): [
CVE-2024-42113 – net: txgbe: initialize num_q_vectors for MSI/INTx interrupts
https://notcve.org/view.php?id=CVE-2024-42113
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx->num_q_vectors is uninitialized. Thus there will be kernel panic in wx_alloc_q_vectors() to allocate queue vectors. • https://git.kernel.org/stable/c/3f703186113fac0f3c965204b2cbb22a03322e2c
CVE-2024-42112 – net: txgbe: free isb resources at the right time
https://notcve.org/view.php?id=CVE-2024-42112
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still being handled in the device remove routine, before free IRQs. So isb memory is still read after it is freed. Thus move wx_free_isb_resources() from txgbe_close() to txgbe_remove(). And fix the improper isb free action in txgbe_open() error handling path. • https://git.kernel.org/stable/c/aefd013624a10f39b0bfaee8432a235128705380
CVE-2024-42111 – btrfs: always do the basic checks for btrfs_qgroup_inherit structure
https://notcve.org/view.php?id=CVE-2024-42111
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfs_qgroup_inherit structure [BUG] Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 Read of size 8 at addr ffff88814628ca50 by task syz-executor318/5171 CPU: 0 PID: 5171 Comm: syz-executor318 Not tainted 6.10.0-rc2-syzkaller-00010-g2ab795141095 #0 Hardware name: Google Google Compute Engine/Google Comp... • https://git.kernel.org/stable/c/b5357cb268c41b4e2b7383d2759fc562f5b58c33 •