CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26913 – drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue
https://notcve.org/view.php?id=CVE-2024-26913
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue [why] odm calculation is missing for pipe split policy determination and cause Underflow/Corruption issue. [how] Add the odm calculation. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: solucione el problema de corrupción/desbordamiento de dcn35 8k30 [por qué] falta el cálculo de odm para la determinación de la política de división de tuberías y causa un problema de corrupción/desbordamiento. [cómo] Agregue el cálculo de odm. • https://git.kernel.org/stable/c/cdbe0be8874c63bca85b8c38e5b1eecbdd18df31 https://git.kernel.org/stable/c/faf51b201bc42adf500945732abb6220c707d6f3 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26912 – drm/nouveau: fix several DMA buffer leaks
https://notcve.org/view.php?id=CVE-2024-26912
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix several DMA buffer leaks Nouveau manages GSP-RM DMA buffers with nvkm_gsp_mem objects. Several of these buffers are never dealloced. Some of them can be deallocated right after GSP-RM is initialized, but the rest need to stay until the driver unloads. Also futher bullet-proof these objects by poisoning the buffer and clearing the nvkm_gsp_mem object when it is deallocated. Poisoning the buffer should trigger an error (or crash) from GSP-RM if it tries to access the buffer after we've deallocated it, because we were wrong about when it is safe to deallocate. Finally, change the mem->size field to a size_t because that's the same type that dma_alloc_coherent expects. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/nouveau: corrige varias fugas del búfer DMA Nouveau administra los buffers DMA GSP-RM con objetos nvkm_gsp_mem. • https://git.kernel.org/stable/c/176fdcbddfd288408ce8571c1760ad618d962096 https://git.kernel.org/stable/c/6190d4c08897d748dd25f0b78267a90aa1694e15 https://git.kernel.org/stable/c/042b5f83841fbf7ce39474412db3b5e4765a7ea7 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26911 – drm/buddy: Fix alloc_range() error handling code
https://notcve.org/view.php?id=CVE-2024-26911
In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fix alloc_range() error handling code Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the problem that whenever alloc_range() couldn't find the required memory blocks the function was returning SUCCESS in some of the corner cases. The right approach would be if the total allocated size is less than the required size, the function should return -ENOSPC. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/buddy: corrige el código de manejo de errores alloc_range() Pocos usuarios han observado daños en la pantalla cuando inician la máquina en KDE Plasma o juegan juegos. Hemos causado el problema de que cada vez que alloc_range() no podía encontrar los bloques de memoria requeridos, la función devolvía ÉXITO en algunos de los casos de esquina. El enfoque correcto sería que si el tamaño total asignado es menor que el tamaño requerido, la función debería devolver -ENOSPC. • https://git.kernel.org/stable/c/0a1844bf0b532d84324453374ad6845f64066c28 https://git.kernel.org/stable/c/4b59c3fada06e5e8010ef7700689c71986e667a2 https://git.kernel.org/stable/c/8746c6c9dfa31d269c65dd52ab42fde0720b7d91 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26910 – netfilter: ipset: fix performance regression in swap operation
https://notcve.org/view.php?id=CVE-2024-26910
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: ipset: corrige la regresión de rendimiento en la operación de intercambio El parche "netfilter: ipset: corrige la condición de ejecución entre swap/destroy y add/del/test del lado del kernel", commit 28628fa9 corrige un condición de ejecución. Pero elsync_rcu() agregado a la función swap la ralentiza innecesariamente: se puede mover con seguridad para destruir y usar call_rcu() en su lugar. Eric Dumazet señaló que simplemente llamar a las funciones de destrucción como devolución de llamada de rcu no funciona: los conjuntos con tiempo de espera usan recolectores de basura que necesitan cancelarse en la destrucción y que pueden esperar. • https://git.kernel.org/stable/c/427deb5ba5661c4ae1cfb35955d2e01bd5f3090a https://git.kernel.org/stable/c/e7152a138a5ac77439ff4e7a7533448a7d4c260d https://git.kernel.org/stable/c/8bb930c3a1eacec1b14817f565ff81667c7c5dfa https://git.kernel.org/stable/c/875ee3a09e27b7adb7006ca6d16faf7f33415aa5 https://git.kernel.org/stable/c/23c31036f862582f98386120aee55c9ae23d7899 https://git.kernel.org/stable/c/28628fa952fefc7f2072ce6e8016968cc452b1ba https://git.kernel.org/stable/c/a12606e5ad0cee8f4ba3ec68561c4d6275d2df57 https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52645 – pmdomain: mediatek: fix race conditions with genpd
https://notcve.org/view.php?id=CVE-2023-52645
In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if genpd tries to power them on in the same time. The same is valid for powering them off before unregistering them from genpd. Attempt to fix race conditions by first removing the domains from genpd and *after that* powering down domains. Also first power up the domains and *after that* register them to genpd. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pmdomain: mediatek: corrige las condiciones de ejecución con genpd, si los dominios de energía se registran primero con genpd y *después de eso* el controlador intenta encenderlos en la secuencia de sonda, entonces es Es posible que se produzca una condición de ejecución si genpd intenta encenderlos al mismo tiempo. Lo mismo es válido para apagarlos antes de cancelar su registro en genpd. Intente arreglar las condiciones de ejecución eliminando primero los dominios de genpd y *después* apagando los dominios. También primero encienda los dominios y *después* regístrelos en genpd. • https://git.kernel.org/stable/c/59b644b01cf48d6042f3c5983d464921a4920845 https://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438 https://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff https://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25 https://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b https://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •