CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46822 – arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
https://notcve.org/view.php?id=CVE-2024-46822
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed. If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for the entry in cpu_madt_gicc[cpu] == NULL. This ... • https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46821 – drm/amd/pm: Fix negative array index read
https://notcve.org/view.php?id=CVE-2024-46821
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang) Ubuntu Security Notice 7154-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46820 – drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend
https://notcve.org/view.php?id=CVE-2024-46820
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend We do not directly enable/disable VCN IRQ in vcn 5.0.0. And we do not handle the IRQ state as well. So the calls to disable IRQ and set state are removed. This effectively gets rid of the warining of "WARN_ON(!amdgpu_irq_enabled(adev, src, type))" in amdgpu_irq_put(). • https://git.kernel.org/stable/c/aa92264ba6fd4fb570002f69762634221316e7ae •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46819 – drm/amdgpu: the warning dereferencing obj for nbio_v7_4
https://notcve.org/view.php?id=CVE-2024-46819
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of ... • https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46818 – drm/amd/display: Check gpio_id before used as array index
https://notcve.org/view.php?id=CVE-2024-46818
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to ... • https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46817 – drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
https://notcve.org/view.php?id=CVE-2024-46817
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning. Should abort amdgpu_dm initialize. [How] Return failure to amdgpu_dm_init. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Sever... • https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46816 – drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links
https://notcve.org/view.php?id=CVE-2024-46816
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links [Why] Coverity report OVERRUN warning. There are only max_links elements within dc->links. link count could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31. [How] Make sure link count less than max_links. Ubuntu Security Notice 7155-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/36c39a8dcce210649f2f45f252abaa09fcc1ae87 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46815 – drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
https://notcve.org/view.php?id=CVE-2024-46815
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity. Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x8... • https://git.kernel.org/stable/c/a72d4996409569027b4609414a14a87679b12267 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46814 – drm/amd/display: Check msg_id before processing transcation
https://notcve.org/view.php?id=CVE-2024-46814
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity. Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platf... • https://git.kernel.org/stable/c/916083054670060023d3f8a8ace895d710e268f4 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46813 – drm/amd/display: Check link_index before accessing dc->links[]
https://notcve.org/view.php?id=CVE-2024-46813
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_index before accessing dc->links[] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is return when trying to access with out-of-bound index. This fixes 3 OVERRUN and 1 RESOURCE_LEAK issues reported by Coverity. Ubuntu Security Notice 7155-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/ac04759b4a002969cf0f1384f1b8bb2001cfa782 •