
CVE-2024-46810 – drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
https://notcve.org/view.php?id=CVE-2024-46810
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initialized before signalling any HPD events via drm_kms_helper_hotplug_event(), otherwise this may lead to NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initia... • https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8 •

CVE-2024-46806 – drm/amdgpu: Fix the warning division or modulo by zero
https://notcve.org/view.php?id=CVE-2024-46806
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the warning division or modulo by zero Checks the partition mode and returns an error for an invalid mode. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compro... • https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a • CWE-369: Divide By Zero •

CVE-2024-46805 – drm/amdgpu: fix the waring dereferencing hive
https://notcve.org/view.php?id=CVE-2024-46805
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix the waring dereferencing hive Check the amdgpu_hive_info *hive that maybe is NULL. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary cod... • https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356 • CWE-476: NULL Pointer Dereference •

CVE-2024-46804 – drm/amd/display: Add array index check for hdcp ddc access
https://notcve.org/view.php?id=CVE-2024-46804
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Do not check if array index valid. [How] Check msg_id valid and valid array index. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Do not check if array index valid. • https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2 •

CVE-2024-46777 – udf: Avoid excessive partition lengths
https://notcve.org/view.php?id=CVE-2024-46777
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely index bits in a block bitmap. In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for... • https://git.kernel.org/stable/c/c0c23130d38e8bc28e9ef581443de9b1fc749966 •

CVE-2024-46774 – powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
https://notcve.org/view.php?id=CVE-2024-46774
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and 'nret' locals come directly from a user-supplied buffer and are used as indexes into a small stack-based array and as inputs to copy_to_user() after they are subject to bounds checks. Use array_index_nospec() after the bounds checks to clamp... • https://git.kernel.org/stable/c/d2834ff1d9641a8695a09ea79cd901c7b6d4d05f •

CVE-2024-46762 – xen: privcmd: Fix possible access to a freed kirqfd instance
https://notcve.org/view.php?id=CVE-2024-46762
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the irqfds_list by privcmd_irqfd_assign() may get removed by another thread executing privcmd_irqfd_deassign(), while the former is still using it after dropping the locks. This can lead to a situation where an already... • https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527 •

CVE-2024-46761 – pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
https://notcve.org/view.php?id=CVE-2024-46761
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes ... • https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048 • CWE-476: NULL Pointer Dereference •

CVE-2024-46759 – hwmon: (adc128d818) Fix underflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-46759
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. A flaw was found and resolved in the Linux kernel. DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -92233720368547758... • https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2024-46755 – wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
https://notcve.org/view.php?id=CVE-2024-46755
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to NULL pointer dereferences further down the callstack. Fix this by returning only used priv pointers which have priv->bss_mode set to something ... • https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a •