CVE-2024-46805 – drm/amdgpu: fix the waring dereferencing hive
https://notcve.org/view.php?id=CVE-2024-46805
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix the waring dereferencing hive Check the amdgpu_hive_info *hive that maybe is NULL. • https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356 https://git.kernel.org/stable/c/01cd55b971131b07b7ff8d622fa93bb4f8be07df https://git.kernel.org/stable/c/4ab720b6aa1ef5e71db1e534b5b45c80ac4ec58a https://git.kernel.org/stable/c/d3f927ef0607b3c8c3f79ab6d9a4ebead3e35f4c https://git.kernel.org/stable/c/1940708ccf5aff76de4e0b399f99267c93a89193 •
CVE-2024-46804 – drm/amd/display: Add array index check for hdcp ddc access
https://notcve.org/view.php?id=CVE-2024-46804
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Do not check if array index valid. [How] Check msg_id valid and valid array index. • https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2 https://git.kernel.org/stable/c/0ee4387c5a4b57ec733c3fb4365188d5979cd9c7 https://git.kernel.org/stable/c/f338f99f6a04d03c802087d82a83561cbd5bdc99 https://git.kernel.org/stable/c/8b5ccf3d011969417be653b5a145c72dbd30472c https://git.kernel.org/stable/c/a3b5ee22a9d3a30045191da5678ca8451ebaea30 https://git.kernel.org/stable/c/4e70c0f5251c25885c31ee84a31f99a01f7cf50e •
CVE-2024-46803 – drm/amdkfd: Check debug trap enable before write dbg_ev_file
https://notcve.org/view.php?id=CVE-2024-46803
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. It will cause write dbg_ev_file execution after debug_trap_disable, which will cause NULL pointer access. v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL. • https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8 https://git.kernel.org/stable/c/820dcbd38a77bd5fdc4236d521c1c122841227d0 https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2 •
CVE-2024-46802 – drm/amd/display: added NULL check at start of dc_validate_stream
https://notcve.org/view.php?id=CVE-2024-46802
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL • https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9 https://git.kernel.org/stable/c/154a50bf4221a6a6ccf88d565b8184da7c40a2dd https://git.kernel.org/stable/c/6bf920193ba1853bad780bba565a789246d9003c https://git.kernel.org/stable/c/26c56049cc4f1705b498df013949427692a4b0d5 •
CVE-2022-48945 – media: vivid: fix compose size exceed boundary
https://notcve.org/view.php?id=CVE-2022-48945
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0 Oops: 0002 [#1] PREEMPT SMP CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:memcpy_erms+0x6/0x10 [...] Call Trace: <TASK> ? tpg_fill_plane_buffer+0x856/0x15b0 vivid_fillbuff+0x8ac/0x1110 vivid_thread_vid_cap_tick+0x361/0xc90 vivid_thread_vid_cap+0x21a/0x3a0 kthread+0x143/0x180 ret_from_fork+0x1f/0x30 </TASK> This is because we forget to check boundary after adjust compose->height int V4L2_SEL_TGT_CROP case. Add v4l2_rect_map_inside() to fix this problem for this case. • https://git.kernel.org/stable/c/ef834f7836ec0502f49f20bbc42f1240577a9c83 https://git.kernel.org/stable/c/8c0ee15d9a102c732d0745566d254040085d5663 https://git.kernel.org/stable/c/5edc3604151919da8da0fb092b71d7dce07d848a https://git.kernel.org/stable/c/9c7fba9503b826f0c061d136f8f0c9f953ed18b9 https://git.kernel.org/stable/c/54f259906039dbfe46c550011409fa16f72370f6 https://git.kernel.org/stable/c/f9d19f3a044ca651b0be52a4bf951ffe74259b9f https://git.kernel.org/stable/c/ab54081a2843aefb837812fac5488cc8f1696142 https://git.kernel.org/stable/c/ccb5392c4fea0e7d9f7ab35567e839d74 •