CVE-2024-46774 – powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
https://notcve.org/view.php?id=CVE-2024-46774
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp these values for speculative execution. • https://git.kernel.org/stable/c/68d8156480940b79227d58865ec5d2947b9384a8 https://git.kernel.org/stable/c/0974d03eb479384466d828d65637814bee6b26d7 •
CVE-2024-46773 – drm/amd/display: Check denominator pbn_div before used
https://notcve.org/view.php?id=CVE-2024-46773
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator pbn_div before used [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity. • https://git.kernel.org/stable/c/20e7164c52d9bfbb9d9862b833fa989624a61345 https://git.kernel.org/stable/c/dfafee0a7b51c7c9612edd2d991401294964d02f https://git.kernel.org/stable/c/11f997143c67680d6e40a13363618380cd57a414 https://git.kernel.org/stable/c/116a678f3a9abc24f5c9d2525b7393d18d9eb58e •
CVE-2024-46772 – drm/amd/display: Check denominator crb_pipes before used
https://notcve.org/view.php?id=CVE-2024-46772
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator crb_pipes before used [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 2 DIVIDE_BY_ZERO issues reported by Coverity. • https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c https://git.kernel.org/stable/c/ea79068d4073bf303f8203f2625af7d9185a1bc6 •
CVE-2024-46762 – xen: privcmd: Fix possible access to a freed kirqfd instance
https://notcve.org/view.php?id=CVE-2024-46762
In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the irqfds_list by privcmd_irqfd_assign() may get removed by another thread executing privcmd_irqfd_deassign(), while the former is still using it after dropping the locks. This can lead to a situation where an already freed kirqfd instance may be accessed and cause kernel oops. Use SRCU locking to prevent the same, as is done for the KVM implementation for irqfds. • https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527 https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 •
CVE-2024-46761 – pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
https://notcve.org/view.php?id=CVE-2024-46761
In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed. • https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048 https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55 https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59 https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4 https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689 https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f6 •