CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49901 – drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
https://notcve.org/view.php?id=CVE-2024-49901
In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 ("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails") where msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); is called on gpu->pdev == NULL, as the GPU device has not been fully initialized yet. Turns out that there's more than just the aforementioned path that causes this to happen (e.g. the case when there's speedbin data in the catalog, but opp-supported-hw is missing in DT). Assigning msm_gpu->pdev earlier seems like the least painful solution to this, therefore do so. Patchwork: https://patchwork.freedesktop.org/patch/602742/ • https://git.kernel.org/stable/c/9288a9676c529ad9c856096db68fad812499bc4a https://git.kernel.org/stable/c/9773737375b20070ea935203fd66cb9fa17c5acb https://git.kernel.org/stable/c/e8ac2060597a5768e4699bb61d604b4c09927b85 https://git.kernel.org/stable/c/16007768551d5bfe53426645401435ca8d2ef54f •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-49900 – jfs: Fix uninit-value access of new_ea in ea_buffer
https://notcve.org/view.php?id=CVE-2024-49900
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178 ... Uninit was stored to memory at: ea_put fs/jfs/xattr.c:639 [inline] ... Local variable ea_buf created at: __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662 __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934 ===================================================== The reason is ea_buf->new_ea is not initialized properly. Fix this by using memset to empty its content at the beginning in ea_get(). • https://git.kernel.org/stable/c/8b1dcf25c26d42e4a68c4725ce52a0543c7878cc https://git.kernel.org/stable/c/d7444f91a9f93eaa48827087ed0f3381c194181d https://git.kernel.org/stable/c/6041536d18c5f51a84bc37cd568cbab61870031e https://git.kernel.org/stable/c/c076b3746224982eebdba5c9e4b1467e146c0d64 https://git.kernel.org/stable/c/7c244d5b48284a770d96ff703df2dfeadf804a73 https://git.kernel.org/stable/c/8ad8b531de79c348bcb8133e7f5e827b884226af https://git.kernel.org/stable/c/2b59ffad47db1c46af25ccad157bb3b25147c35c •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49899 – drm/amd/display: Initialize denominators' default to 1
https://notcve.org/view.php?id=CVE-2024-49899
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominators' default to 1 [WHAT & HOW] Variables used as denominators and maybe not assigned to other values, should not be 0. Change their default to 1 so they are never 0. This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity. • https://git.kernel.org/stable/c/7f8e93b862aba08d540f1e9e03e0ceb4d0cfd5fb https://git.kernel.org/stable/c/b995c0a6de6c74656a0c39cd57a0626351b13e3c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49898 – drm/amd/display: Check null-initialized variables
https://notcve.org/view.php?id=CVE-2024-49898
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables [WHAT & HOW] drr_timing and subvp_pipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2 FORWARD_NULL issues reported by Coverity. • https://git.kernel.org/stable/c/3fc70ae048fe0936761b73b50700a810ff61e853 https://git.kernel.org/stable/c/115b1a3b0944b4d8ef0b4b0c5a625bdd9474131f https://git.kernel.org/stable/c/367cd9ceba1933b63bc1d87d967baf6d9fd241d2 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49897 – drm/amd/display: Check phantom_stream before it is used
https://notcve.org/view.php?id=CVE-2024-49897
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check phantom_stream before it is used dcn32_enable_phantom_stream can return null, so returned value must be checked before used. This fixes 1 NULL_RETURNS issue reported by Coverity. • https://git.kernel.org/stable/c/1decf695ce08e23d9ded6ce83d121b2282ce9899 https://git.kernel.org/stable/c/3ba1219e299ab5462b5cb374c2fa2a67af0ea190 https://git.kernel.org/stable/c/3718a619a8c0a53152e76bb6769b6c414e1e83f4 •