CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27043 – media: edia: dvbdev: fix a use-after-free
https://notcve.org/view.php?id=CVE-2024-27043
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: edia: dvbdev: corregir un use-after-free En dvb_register_device, *pdvbdev se establece igual a dvbdev, que se libera en varias rutas de manejo de errores. • https://git.kernel.org/stable/c/b61901024776b25ce7b8edc31bb1757c7382a88e https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856 https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086 https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644 https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712 https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62 https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27042 – drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'
https://notcve.org/view.php?id=CVE-2024-27042
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' The issue arises when the array 'adev->vcn.vcn_config' is accessed before checking if the index 'adev->vcn.num_vcn_inst' is within the bounds of the array. The fix involves moving the bounds check before the array access. This ensures that 'adev->vcn.num_vcn_inst' is within the bounds of the array before it is used as an index. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 amdgpu_discovery_reg_base_init() error: testing array offset 'adev->vcn.num_vcn_inst' after use. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige el posible acceso fuera de los límites en 'amdgpu_discovery_reg_base_init()'. El problema surge cuando se accede a la matriz 'adev->vcn.vcn_config' antes de verificar si el El índice 'adev->vcn.num_vcn_inst' está dentro de los límites de la matriz. La solución implica mover la verificación de los límites antes del acceso a la matriz. • https://git.kernel.org/stable/c/a0ccc717c4ab3ef572f023fdceffb4b6df496a0d https://git.kernel.org/stable/c/8f3e68c6a3fff53c2240762a47a0045d89371775 https://git.kernel.org/stable/c/b33d4af102b9c1f7a83d3f0ad3cab7d2bab8f058 https://git.kernel.org/stable/c/8db10cee51e3e11a6658742465edc21986cf1e8d https://git.kernel.org/stable/c/cdb637d339572398821204a1142d8d615668f1e9 https://access.redhat.com/security/cve/CVE-2024-27042 https://bugzilla.redhat.com/show_bug.cgi?id=2278447 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27041 – drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
https://notcve.org/view.php?id=CVE-2024-27041
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there. Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in 'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy(). Clean up by combining them all under one 'if'. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corrige comprobaciones NULL para adev->dm.dc en amdgpu_dm_fini() Dado que 'adev->dm.dc' en amdgpu_dm_fini() podría resultar ser NULL antes de llamar a dc_enable_dmub_notifications(), verifique de antemano para asegurarse de que no habrá un posible NULL-ptr-deref allí. Además, desde la confirmación 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") hay dos comprobaciones separadas para NULL en 'adev->dm.dc' antes de dc_deinit_callbacks() y dc_dmub_srv_destroy(). Limpia combinándolos todos bajo un solo "si". Encontrado por el Centro de verificación de Linux (linuxtesting.org) con la herramienta de análisis estático SVACE. • https://git.kernel.org/stable/c/81927e2808be5adace93c2012d45d6938d3a7aa0 https://git.kernel.org/stable/c/e040f1fbe9abae91b12b074cfc3bbb5367b79811 https://git.kernel.org/stable/c/ca2eb375db76fd50f31afdd67d6ca4f833254957 https://git.kernel.org/stable/c/1c62697e4086de988b31124fb8c79c244ea05f2b https://git.kernel.org/stable/c/2a3cfb9a24a28da9cc13d2c525a76548865e182c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27040 – drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'
https://notcve.org/view.php?id=CVE-2024-27040
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling replay->funcs->replay_set_power_opt(). if (replay == NULL && force_static) return false; ... if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); link->replay_settings.replay_power_opt_active = *power_opts; } If 'replay' is NULL, this will cause a null pointer dereference. Fixes the below found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed 'replay' could be null (see line 887) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: agregue la verificación NULL 'replay' en 'edp_set_replay_allow_active()' En la primera declaración if, estamos verificando si 'replay' es NULL. Pero en la segunda declaración if, no estamos verificando si 'replay' es NULL nuevamente antes de llamar a replay->funcs->replay_set_power_opt(). si (repetición == NULL && force_static) devuelve falso; ... if (enlace->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); enlace->replay_settings.replay_power_opt_active = *power_opts; } Si 'repetición' es NULL, esto provocará una desreferencia del puntero nulo. Corrige el siguiente error encontrado por smatch: drivers/gpu/drm/amd/amdgpu/.. • https://git.kernel.org/stable/c/c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11 https://git.kernel.org/stable/c/f610c46771ef1047e46d61807aa7c69cd29e63d8 https://git.kernel.org/stable/c/e7cadd5d3a8ffe334d0229ba9eda4290138d56e7 https://git.kernel.org/stable/c/d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3 https://git.kernel.org/stable/c/f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27039 – clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
https://notcve.org/view.php?id=CVE-2024-27039
In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() 'p_clk' is an array allocated just before the for loop for all clk that need to be registered. It is incremented at each loop iteration. If a clk_register() call fails, 'p_clk' may point to something different from what should be freed. The best we can do, is to avoid this wrong release of memory. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: clk: hisilicon: hi3559a: corrige un devm_kfree() erróneo 'p_clk' es una matriz asignada justo antes del bucle for para todos los clk que deben registrarse. Se incrementa en cada iteración del bucle. Si falla una llamada a clk_register(), 'p_clk' puede señalar algo diferente de lo que debería liberarse. Lo mejor que podemos hacer es evitar esta liberación incorrecta de memoria. • https://git.kernel.org/stable/c/6c81966107dc0caa5d2ebedbcebb5f10d865064d https://git.kernel.org/stable/c/3f8445f1c746fda180a7f75372ed06b24e9cefe2 https://git.kernel.org/stable/c/e0b0d1c46a2ce1e46b79d004a7270fdef872e097 https://git.kernel.org/stable/c/95d1f1228c1bb54803ae57525b76db60e99b37e4 https://git.kernel.org/stable/c/2cc572e0085ebd4b662b74a0f43222bc00df9a00 https://git.kernel.org/stable/c/d575765b1b62e8bdb00af11caa1aabeb01763d9f https://git.kernel.org/stable/c/64c6a38136b74a2f18c42199830975edd9fbc379 •