CVE-2024-27042 – drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'
https://notcve.org/view.php?id=CVE-2024-27042
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' The issue arises when the array 'adev->vcn.vcn_config' is accessed before checking if the index 'adev->vcn.num_vcn_inst' is within the bounds of the array. The fix involves moving the bounds check before the array access. This ensures that 'adev->vcn.num_vcn_inst' is within the bounds of the array before it is used as an index. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 amdgpu_discovery_reg_base_init() error: testing array offset 'adev->vcn.num_vcn_inst' after use. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige el posible acceso fuera de los límites en 'amdgpu_discovery_reg_base_init()'. El problema surge cuando se accede a la matriz 'adev->vcn.vcn_config' antes de verificar si el El índice 'adev->vcn.num_vcn_inst' está dentro de los límites de la matriz. La solución implica mover la verificación de los límites antes del acceso a la matriz. • https://git.kernel.org/stable/c/a0ccc717c4ab3ef572f023fdceffb4b6df496a0d https://git.kernel.org/stable/c/8f3e68c6a3fff53c2240762a47a0045d89371775 https://git.kernel.org/stable/c/b33d4af102b9c1f7a83d3f0ad3cab7d2bab8f058 https://git.kernel.org/stable/c/8db10cee51e3e11a6658742465edc21986cf1e8d https://git.kernel.org/stable/c/cdb637d339572398821204a1142d8d615668f1e9 https://access.redhat.com/security/cve/CVE-2024-27042 https://bugzilla.redhat.com/show_bug.cgi?id=2278447 •
CVE-2024-27041 – drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
https://notcve.org/view.php?id=CVE-2024-27041
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there. Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in 'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy(). Clean up by combining them all under one 'if'. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corrige comprobaciones NULL para adev->dm.dc en amdgpu_dm_fini() Dado que 'adev->dm.dc' en amdgpu_dm_fini() podría resultar ser NULL antes de llamar a dc_enable_dmub_notifications(), verifique de antemano para asegurarse de que no habrá un posible NULL-ptr-deref allí. Además, desde la confirmación 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") hay dos comprobaciones separadas para NULL en 'adev->dm.dc' antes de dc_deinit_callbacks() y dc_dmub_srv_destroy(). Limpia combinándolos todos bajo un solo "si". Encontrado por el Centro de verificación de Linux (linuxtesting.org) con la herramienta de análisis estático SVACE. • https://git.kernel.org/stable/c/81927e2808be5adace93c2012d45d6938d3a7aa0 https://git.kernel.org/stable/c/e040f1fbe9abae91b12b074cfc3bbb5367b79811 https://git.kernel.org/stable/c/ca2eb375db76fd50f31afdd67d6ca4f833254957 https://git.kernel.org/stable/c/1c62697e4086de988b31124fb8c79c244ea05f2b https://git.kernel.org/stable/c/2a3cfb9a24a28da9cc13d2c525a76548865e182c •
CVE-2024-27040 – drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'
https://notcve.org/view.php?id=CVE-2024-27040
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling replay->funcs->replay_set_power_opt(). if (replay == NULL && force_static) return false; ... if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); link->replay_settings.replay_power_opt_active = *power_opts; } If 'replay' is NULL, this will cause a null pointer dereference. Fixes the below found by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:895 edp_set_replay_allow_active() error: we previously assumed 'replay' could be null (see line 887) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: agregue la verificación NULL 'replay' en 'edp_set_replay_allow_active()' En la primera declaración if, estamos verificando si 'replay' es NULL. Pero en la segunda declaración if, no estamos verificando si 'replay' es NULL nuevamente antes de llamar a replay->funcs->replay_set_power_opt(). si (repetición == NULL && force_static) devuelve falso; ... if (enlace->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_power_opt(replay, *power_opts, panel_inst); enlace->replay_settings.replay_power_opt_active = *power_opts; } Si 'repetición' es NULL, esto provocará una desreferencia del puntero nulo. Corrige el siguiente error encontrado por smatch: drivers/gpu/drm/amd/amdgpu/.. • https://git.kernel.org/stable/c/c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11 https://git.kernel.org/stable/c/f610c46771ef1047e46d61807aa7c69cd29e63d8 https://git.kernel.org/stable/c/e7cadd5d3a8ffe334d0229ba9eda4290138d56e7 https://git.kernel.org/stable/c/d0e94f4807ff0df66cf447d6b4bbb8ac830e99c3 https://git.kernel.org/stable/c/f6aed043ee5d75b3d1bfc452b1a9584b63c8f76b •
CVE-2024-27039 – clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
https://notcve.org/view.php?id=CVE-2024-27039
In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() 'p_clk' is an array allocated just before the for loop for all clk that need to be registered. It is incremented at each loop iteration. If a clk_register() call fails, 'p_clk' may point to something different from what should be freed. The best we can do, is to avoid this wrong release of memory. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: clk: hisilicon: hi3559a: corrige un devm_kfree() erróneo 'p_clk' es una matriz asignada justo antes del bucle for para todos los clk que deben registrarse. Se incrementa en cada iteración del bucle. Si falla una llamada a clk_register(), 'p_clk' puede señalar algo diferente de lo que debería liberarse. Lo mejor que podemos hacer es evitar esta liberación incorrecta de memoria. • https://git.kernel.org/stable/c/6c81966107dc0caa5d2ebedbcebb5f10d865064d https://git.kernel.org/stable/c/3f8445f1c746fda180a7f75372ed06b24e9cefe2 https://git.kernel.org/stable/c/e0b0d1c46a2ce1e46b79d004a7270fdef872e097 https://git.kernel.org/stable/c/95d1f1228c1bb54803ae57525b76db60e99b37e4 https://git.kernel.org/stable/c/2cc572e0085ebd4b662b74a0f43222bc00df9a00 https://git.kernel.org/stable/c/d575765b1b62e8bdb00af11caa1aabeb01763d9f https://git.kernel.org/stable/c/64c6a38136b74a2f18c42199830975edd9fbc379 •
CVE-2024-27038 – clk: Fix clk_core_get NULL dereference
https://notcve.org/view.php?id=CVE-2024-27038
In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() can return NULL which is dereferenced by clk_core_get() at hw->core. Prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups") the check IS_ERR_OR_NULL() was performed which would have caught the NULL. Reading the description of this function it talks about returning NULL but that cannot be so at the moment. Update the function to check for hw before dereferencing it and return NULL if hw is NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: corrige la desreferencia de clk_core_get NULL Es posible que clk_core_get elimine la referencia a un NULL en la siguiente secuencia: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() puede devolver NULL que es desreferenciado por clk_core_get() en hw->core. Antes de confirmar dde4eff47c82 ("clk: buscar padres con clk_lookups basado en clkdev") se realizó la verificación IS_ERR_OR_NULL() que habría detectado el NULL. Leyendo la descripción de esta función se habla de devolver NULL pero eso no puede ser así por el momento. Actualice la función para verificar hw antes de eliminar la referencia y devuelva NULL si hw es NULL. • https://git.kernel.org/stable/c/dde4eff47c82c52a72af333d9e55370eee6d95d6 https://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07 https://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185 https://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2 https://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959 https://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed https://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6 https://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e •