CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26915 – drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
https://notcve.org/view.php?id=CVE-2024-26915
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Allows us to detect subsequent IH ring buffer overflows as well. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Restablecer el bit IH OVERFLOW_CLEAR También nos permite detectar desbordamientos posteriores del búfer en anillo IH. A flaw was found in the Linux kernel. The IH OVERFLOW_CLEAR bit was not reset. • https://git.kernel.org/stable/c/9a9d00c23d170d4ef5a1b28e6b69f5c85dd12bc1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26914 – drm/amd/display: fix incorrect mpc_combine array size
https://notcve.org/view.php?id=CVE-2024-26914
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix incorrect mpc_combine array size [why] MAX_SURFACES is per stream, while MAX_PLANES is per asic. The mpc_combine is an array that records all the planes per asic. Therefore MAX_PLANES should be used as the array size. Using MAX_SURFACES causes array overflow when there are more than 3 planes. [how] Use the MAX_PLANES for the mpc_combine array size. • https://git.kernel.org/stable/c/0bd8ef618a42d7e6ea3f701065264e15678025e3 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26913 – drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue
https://notcve.org/view.php?id=CVE-2024-26913
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue [why] odm calculation is missing for pipe split policy determination and cause Underflow/Corruption issue. [how] Add the odm calculation. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: solucione el problema de corrupción/desbordamiento de dcn35 8k30 [por qué] falta el cálculo de odm para la determinación de la política de división de tuberías y caus... • https://git.kernel.org/stable/c/cdbe0be8874c63bca85b8c38e5b1eecbdd18df31 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26912 – drm/nouveau: fix several DMA buffer leaks
https://notcve.org/view.php?id=CVE-2024-26912
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix several DMA buffer leaks Nouveau manages GSP-RM DMA buffers with nvkm_gsp_mem objects. Several of these buffers are never dealloced. Some of them can be deallocated right after GSP-RM is initialized, but the rest need to stay until the driver unloads. Also futher bullet-proof these objects by poisoning the buffer and clearing the nvkm_gsp_mem object when it is deallocated. Poisoning the buffer should trigger an error (or cr... • https://git.kernel.org/stable/c/176fdcbddfd288408ce8571c1760ad618d962096 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26911 – drm/buddy: Fix alloc_range() error handling code
https://notcve.org/view.php?id=CVE-2024-26911
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fix alloc_range() error handling code Few users have observed display corruption when they boot the machine to KDE Plasma or playing games. We have root caused the problem that whenever alloc_range() couldn't find the required memory blocks the function was returning SUCCESS in some of the corner cases. The right approach would be if the total allocated size is less than the required size, the function should return -ENOSPC. En e... • https://git.kernel.org/stable/c/0a1844bf0b532d84324453374ad6845f64066c28 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26910 – netfilter: ipset: fix performance regression in swap operation
https://notcve.org/view.php?id=CVE-2024-26910
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work:... • https://git.kernel.org/stable/c/427deb5ba5661c4ae1cfb35955d2e01bd5f3090a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52645 – pmdomain: mediatek: fix race conditions with genpd
https://notcve.org/view.php?id=CVE-2023-52645
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if genpd tries to power them on in the same time. The same is valid for powering them off before unregistering them from genpd. Attempt to fix race conditions by first removing the domains from genpd and *after tha... • https://git.kernel.org/stable/c/59b644b01cf48d6042f3c5983d464921a4920845 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26909 – soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free
https://notcve.org/view.php?id=CVE-2024-26909
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free A recent DRM series purporting to simplify support for "transparent bridges" and handling of probe deferrals ironically exposed a use-after-free issue on pmic_glink_altmode probe deferral. This has manifested itself as the display subsystem occasionally failing to initialise and NULL-pointer dereferences during boot of machines like the Lenovo ThinkPad X13s. Specifically, the dp-h... • https://git.kernel.org/stable/c/080b4e24852b1d5b66929f69344e6c3eeb963941 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26907 – RDMA/mlx5: Fix fortify source warning while accessing Eth segment
https://notcve.org/view.php?id=CVE-2024-26907
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2) WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Modules linke... • https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26906 – x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
https://notcve.org/view.php?id=CVE-2024-26906
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address: ffffffffff600000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 20390 ... • https://git.kernel.org/stable/c/6e4694e65b6db4c3de125115dd4f55848cc48381 • CWE-20: Improper Input Validation •