CVE-2023-52818 – drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
https://notcve.org/view.php?id=CVE-2023-52818
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array sizes, use flexible arrays. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd: corrige el índice de matriz UBSAN fuera de límites para SMU7. Para estructuras pptable que usan tamaños de matriz flexibles, use matrices flexibles. • https://git.kernel.org/stable/c/e52e324a21341c97350d5f11de14721c1c609498 https://git.kernel.org/stable/c/cfd8cd907fd94538561479a43aea455f5cf16928 https://git.kernel.org/stable/c/c847379a5d00078ad6fcb1c24230e72c5609342f https://git.kernel.org/stable/c/8af28ae3acb736ada4ce3457662fa446cc913bb4 https://git.kernel.org/stable/c/acdb6830de02cf2873aeaccdf2d9bca4aee50e47 https://git.kernel.org/stable/c/fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b https://git.kernel.org/stable/c/6dffdddfca818c02a42b6caa1d9845995f0a1f94 https://git.kernel.org/stable/c/92a775e7c9707aed28782bafe636bf876 •
CVE-2023-52817 – drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
https://notcve.org/view.php?id=CVE-2023-52817
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log: 1. Navigate to the directory: /sys/kernel/debug/dri/0 2. Execute command: cat amdgpu_regs_smc 3. Exception Log:: [4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000 [4005007.702562] #PF: supervisor instruction fetch in kernel mode [4005007.702567] #PF: error_code(0x0010) - not-present page [4005007.702570] PGD 0 P4D 0 [4005007.702576] Oops: 0010 [#1] SMP NOPTI [4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u [4005007.702590] RIP: 0010:0x0 [4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206 [4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68 [4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000 [4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980 [4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000 [4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000 [4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000 [4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0 [4005007.702633] Call Trace: [4005007.702636] <TASK> [4005007.702640] amdgpu_debugfs_regs_smc_read+0xb0/0x120 [amdgpu] [4005007.703002] full_proxy_read+0x5c/0x80 [4005007.703011] vfs_read+0x9f/0x1a0 [4005007.703019] ksys_read+0x67/0xe0 [4005007.703023] __x64_sys_read+0x19/0x20 [4005007.703028] do_syscall_64+0x5c/0xc0 [4005007.703034] ? • https://git.kernel.org/stable/c/bf2d51eedf03bd61e3556e35d74d49e2e6112398 https://git.kernel.org/stable/c/437e0fa907ba39b4d7eda863c03ea9cf48bd93a9 https://git.kernel.org/stable/c/f475d5502f33a6c5b149b0afe96316ad1962a64a https://git.kernel.org/stable/c/174f62a0aa15c211e60208b41ee9e7cdfb73d455 https://git.kernel.org/stable/c/6c1b3d89a2dda79881726bb6e37af19c0936d736 https://git.kernel.org/stable/c/820daf9ffe2b0afb804567b10983fb38bc5ae288 https://git.kernel.org/stable/c/ba3c0796d292de84f2932cc5bbb0f771fc720996 https://git.kernel.org/stable/c/5104fdf50d326db2c1a994f8b35dcd46e • CWE-476: NULL Pointer Dereference •
CVE-2023-52816 – drm/amdkfd: Fix shift out-of-bounds issue
https://notcve.org/view.php?id=CVE-2023-52816
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue [ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int' [ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic #34~22.04.1-Ubuntu [ 567.614502] Hardware name: AMD Splinter/Splinter-RPL, BIOS WS43927N_871 09/25/2023 [ 567.614504] Workqueue: events send_exception_work_handler [amdgpu] [ 567.614748] Call Trace: [ 567.614750] <TASK> [ 567.614753] dump_stack_lvl+0x48/0x70 [ 567.614761] dump_stack+0x10/0x20 [ 567.614763] __ubsan_handle_shift_out_of_bounds+0x156/0x310 [ 567.614769] ? srso_alias_return_thunk+0x5/0x7f [ 567.614773] ? update_sd_lb_stats.constprop.0+0xf2/0x3c0 [ 567.614780] svm_range_split_by_granularity.cold+0x2b/0x34 [amdgpu] [ 567.615047] ? srso_alias_return_thunk+0x5/0x7f [ 567.615052] svm_migrate_to_ram+0x185/0x4d0 [amdgpu] [ 567.615286] do_swap_page+0x7b6/0xa30 [ 567.615291] ? srso_alias_return_thunk+0x5/0x7f [ 567.615294] ? • https://git.kernel.org/stable/c/3f7a400d5e80f99581e3e8a9843e1f6118bf454f https://git.kernel.org/stable/c/2806f880379232e789957c2078d612669eb7a69c https://git.kernel.org/stable/c/d33a35b13cbfec3238043f196fa87a6384f9d087 https://git.kernel.org/stable/c/56649c43d40ce0147465a2d5756d300e87f9ee1c https://git.kernel.org/stable/c/282c1d793076c2edac6c3db51b7e8ed2b41d60a5 •
CVE-2023-52815 – drm/amdgpu/vkms: fix a possible null pointer dereference
https://notcve.org/view.php?id=CVE-2023-52815
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vkms: fix a possible null pointer dereference In amdgpu_vkms_conn_get_modes(), the return value of drm_cvt_mode() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_cvt_mode(). Add a check to avoid null pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu/vkms: soluciona una posible desreferencia del puntero null. En amdgpu_vkms_conn_get_modes(), el valor de retorno de drm_cvt_mode() se asigna al modo, lo que provocará una desreferencia del puntero NULL en falla de drm_cvt_mode(). Agregue una marca para evitar la desreferencia del puntero null. • https://git.kernel.org/stable/c/eaa03ea366c85ae3cb69c8d4bbc67c8bc2167a27 https://git.kernel.org/stable/c/33fb1a555354bd593f785935ddcb5d9dd4d3847f https://git.kernel.org/stable/c/8c6c85a073768df68c1a3fea143d013a38c66d34 https://git.kernel.org/stable/c/70f831f21155c692bb336c434936fd6f24f3f81a https://git.kernel.org/stable/c/cd90511557fdfb394bb4ac4c3b539b007383914c • CWE-476: NULL Pointer Dereference •
CVE-2023-52814 – drm/amdgpu: Fix potential null pointer derefernce
https://notcve.org/view.php?id=CVE-2023-52814
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpu_ras_get_context may return NULL if device not support ras feature, so add check before using. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: soluciona una posible desreferencia del puntero null. Amdgpu_ras_get_context puede devolver NULL si el dispositivo no admite la función ras, así que agregue la verificación antes de usarlo. • https://git.kernel.org/stable/c/b93a25de28af153312f0fc979b0663fc4bd3442b https://git.kernel.org/stable/c/c11cf5e117f50f5a767054600885acd981449afe https://git.kernel.org/stable/c/9b70fc7d70e8ef7c4a65034c9487f58609e708a1 https://git.kernel.org/stable/c/b0702ee4d811708251cdf54d4a1d3e888d365111 https://git.kernel.org/stable/c/da46e63482fdc5e35c008865c22ac64027f6f0c2 https://git.kernel.org/stable/c/80285ae1ec8717b597b20de38866c29d84d321a1 • CWE-476: NULL Pointer Dereference •