CVE-2024-49972 – drm/amd/display: Deallocate DML memory if allocation fails
https://notcve.org/view.php?id=CVE-2024-49972
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails [Why] When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL. [How] Deallocate memory if DML memory allocation fails. • https://git.kernel.org/stable/c/80345daa5746184195f2d383a2f1bad058f0f94c https://git.kernel.org/stable/c/892abca6877a96c9123bb1c010cafccdf8ca1b75 •
CVE-2024-49971 – drm/amd/display: Increase array size of dummy_boolean
https://notcve.org/view.php?id=CVE-2024-49971
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummy_boolean [WHY] dml2_core_shared_mode_support and dml_core_mode_support access the third element of dummy_boolean, i.e. hw_debug5 = &s->dummy_boolean[2], when dummy_boolean has size of 2. Any assignment to hw_debug5 causes an OVERRUN. [HOW] Increase dummy_boolean's array size to 3. This fixes 2 OVERRUN issues reported by Coverity. • https://git.kernel.org/stable/c/e9e48b7bb9cf3b78f0305ef0144aaf61da0a83d8 https://git.kernel.org/stable/c/6d64d39486197083497a01b39e23f2f8474b35d3 •
CVE-2024-49970 – drm/amd/display: Implement bounds check for stream encoder creation in DCN401
https://notcve.org/view.php?id=CVE-2024-49970
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN401 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in dcn401_stream_encoder_create Found by smatch: drivers/gpu/drm/amd/amdgpu/.. • https://git.kernel.org/stable/c/b219b46ad42df1dea9258788bcfea37181f3ccb2 https://git.kernel.org/stable/c/bdf606810210e8e07a0cdf1af3c467291363b295 •
CVE-2024-49969 – drm/amd/display: Fix index out of bounds in DCN30 color transformation
https://notcve.org/view.php?id=CVE-2024-49969
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, the function returns false to indicate an error. drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:180 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn30/dcn30_cm_common.c:181 cm3_helper_translate_curve_to_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/.. • https://git.kernel.org/stable/c/7ab69af56a23859b647dee69fa1052c689343621 https://git.kernel.org/stable/c/c13f9c62015c56a938304cef6d507227ea3e0039 https://git.kernel.org/stable/c/0f1e222a4b41d77c442901d166fbdca967af0d86 https://git.kernel.org/stable/c/929506d5671419cffd8d01e9a7f5eae53682a838 https://git.kernel.org/stable/c/578422ddae3d13362b64e77ef9bab98780641631 https://git.kernel.org/stable/c/b9d8b94ec7e67f0cae228c054f77b73967c389a3 https://git.kernel.org/stable/c/d81873f9e715b72d4f8d391c8eb243946f784dfc •
CVE-2024-49968 – ext4: filesystems without casefold feature cannot be mounted with siphash
https://notcve.org/view.php?id=CVE-2024-49968
In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold feature is not set, exit the mounting. • https://git.kernel.org/stable/c/e1373903db6c4ac994de0d18076280ad88e12dee https://git.kernel.org/stable/c/985b67cd86392310d9e9326de941c22fc9340eec •