CVE-2024-50181 – clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
https://notcve.org/view.php?id=CVE-2024-50181
In the Linux kernel, the following vulnerability has been resolved: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D For i.MX7D DRAM related mux clock, the clock source change should ONLY be done done in low level asm code without accessing DRAM, and then calling clk API to sync the HW clock status with clk tree, it should never touch real clock source switch via clk API, so CLK_SET_PARENT_GATE flag should NOT be added, otherwise, DRAM's clock parent will be disabled when DRAM is active, and system will hang. • https://git.kernel.org/stable/c/b677b94a9193ec7b6607bd1255172ae59174a382 https://git.kernel.org/stable/c/d18dc8e14b9c794f58dae1577ccb2ab84a4a1b11 https://git.kernel.org/stable/c/11ceb17e6f07cc30410f3a6276cddda248a9b863 https://git.kernel.org/stable/c/339273a9ddfe7632b717c2e13e81cbd5d383e1ff https://git.kernel.org/stable/c/94f6cdc837e38371324cee97dfd2ef1a99a82c98 https://git.kernel.org/stable/c/a54c441b46a0745683c2eef5a359d22856d27323 •
CVE-2024-50180 – fbdev: sisfb: Fix strbuf array overflow
https://notcve.org/view.php?id=CVE-2024-50180
In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241 https://git.kernel.org/stable/c/57c4f4db0a194416da237fd09dad9527e00cb587 https://git.kernel.org/stable/c/252f147b1826cbb30ae0304cf86b66d3bb12b743 https://git.kernel.org/stable/c/41cf6f26abe4f491b694c54bd1aa2530369b7510 https://git.kernel.org/stable/c/889304120ecb2ca30674d89cd4ef15990b6a571c https://git.kernel.org/stable/c/688872c4ea4a528cd6a057d545c83506b533ee1f https://git.kernel.org/stable/c/11c0d49093b82f6c547fd419c41a982d26bdf5ef https://git.kernel.org/stable/c/9cf14f5a2746c19455ce9cb44341b5527 •
CVE-2024-50178 – cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request()
https://notcve.org/view.php?id=CVE-2024-50178
In the Linux kernel, the following vulnerability has been resolved: cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() Use raw_smp_processor_id() instead of plain smp_processor_id() in do_service_request(), otherwise we may get some errors with the driver enabled: BUG: using smp_processor_id() in preemptible [00000000] code: (udev-worker)/208 caller is loongson3_cpufreq_probe+0x5c/0x250 [loongson3_cpufreq] • https://git.kernel.org/stable/c/2f78e4a6d2702ac03c2bf2ed3a0e344e1fa9f967 https://git.kernel.org/stable/c/2b7ec33e534f7a10033a5cf07794acf48b182bbe •
CVE-2024-50177 – drm/amd/display: fix a UBSAN warning in DML2.1
https://notcve.org/view.php?id=CVE-2024-50177
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a UBSAN warning in DML2.1 When programming phantom pipe, since cursor_width is explicity set to 0, this causes calculation logic to trigger overflow for an unsigned int triggering the kernel's UBSAN check as below: [ 40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34 [ 40.962849] shift exponent 4294967170 is too large for 32-bit type 'unsigned int' [ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu [ 40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024 [ 40.962856] Call Trace: [ 40.962857] <TASK> [ 40.962860] dump_stack_lvl+0x48/0x70 [ 40.962870] dump_stack+0x10/0x20 [ 40.962872] __ubsan_handle_shift_out_of_bounds+0x1ac/0x360 [ 40.962878] calculate_cursor_req_attributes.cold+0x1b/0x28 [amdgpu] [ 40.963099] dml_core_mode_support+0x6b91/0x16bc0 [amdgpu] [ 40.963327] ? srso_alias_return_thunk+0x5/0x7f [ 40.963331] ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu] [ 40.963534] ? • https://git.kernel.org/stable/c/27bc3da5eae57e3af8f5648b4498ffde48781434 https://git.kernel.org/stable/c/eaf3adb8faab611ba57594fa915893fc93a7788c •
CVE-2024-50143 – udf: fix uninit-value use in udf_get_fileshortad
https://notcve.org/view.php?id=CVE-2024-50143
In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2]. [1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: se corrige el uso de un valor no inicializado en udf_get_fileshortad. Se comprueba si hay desbordamiento al calcular alen en udf_current_aext para mitigar el uso posterior de un valor no inicializado en udf_get_fileshortad. Error de KMSAN[1]. • https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2 https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61 https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7 https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8 https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1 •