CVE-2024-49902 – jfs: check if leafidx greater than num leaves per dmap tree
https://notcve.org/view.php?id=CVE-2024-49902
In the Linux kernel, the following vulnerability has been resolved:
jfs: check if leafidx greater than num leaves per dmap tree
syzbot reports an out of bounds in dbSplit; this is because dmt_leafidx is greater than num leaves per dmap tree. Add a check for dmt_leafidx in dbFindLeaf.
Shaggy: Modified sanity check to apply to control pages as well as leaf pages.
https://git.kernel.org/stable/c/d76b9a4c283c7535ae7c7c9b14984e75402951e1
https://git.kernel.org/stable/c/35b91f15f44ce3c01eba058ccb864bb04743e792
https://git.kernel.org/stable/c/2451e5917c56be45d4add786e2a059dd9c2c37c4
https://git.kernel.org/stable/c/25d2a3ff02f22e215ce53355619df10cc5faa7ab
https://git.kernel.org/stable/c/058aa89b3318be3d66a103ba7c68d717561e1dc6
https://git.kernel.org/stable/c/7fff9a9f866e99931cf6fa260288e55d01626582
https://git.kernel.org/stable/c/cb0eb10558802764f07de1dc439c4609e27cb4f0
https://git.kernel.org/stable/c/4a7bf6a01fb441009a6698179a739957e
CVE-2024-49901 – drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
https://notcve.org/view.php?id=CVE-2024-49901
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
There are some cases, such as the one uncovered by Commit 46d4efcccc68 ("drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails") where
    msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL);
is called on gpu->pdev == NULL, as the GPU device has not been fully initialized yet.
Turns out that there's more than just the aforementioned path that causes this to happen (e.g. the case when there's speedbin data in the catalog, but opp-supported-hw is missing in DT).
Assigning msm_gpu->pdev earlier seems like the least painful solution to this, therefore do so.
Patchwork: https://patchwork.freedesktop.org/patch/602742/
https://git.kernel.org/stable/c/9288a9676c529ad9c856096db68fad812499bc4a
https://git.kernel.org/stable/c/9773737375b20070ea935203fd66cb9fa17c5acb
https://git.kernel.org/stable/c/e8ac2060597a5768e4699bb61d604b4c09927b85
https://git.kernel.org/stable/c/16007768551d5bfe53426645401435ca8d2ef54f
CVE-2024-49900 – jfs: Fix uninit-value access of new_ea in ea_buffer
https://notcve.org/view.php?id=CVE-2024-49900
In the Linux kernel, the following vulnerability has been resolved:
jfs: Fix uninit-value access of new_ea in ea_buffer
syzbot reports that lzo1x_1_do_compress is using uninit-value:
=====================================================
BUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178
...
Uninit was stored to memory at:
 ea_put fs/jfs/xattr.c:639 [inline]
...
Local variable ea_buf created at:
 __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662
 __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934
=====================================================
The reason is ea_buf->new_ea is not initialized properly.
Fix this by using memset to empty its content at the beginning in ea_get().
https://git.kernel.org/stable/c/7b24d41d47a6805c45378debf8bd115675d41da8
https://git.kernel.org/stable/c/dac398ed272a378d2f42ac68ae408333a51baf52
https://git.kernel.org/stable/c/8b1dcf25c26d42e4a68c4725ce52a0543c7878cc
https://git.kernel.org/stable/c/d7444f91a9f93eaa48827087ed0f3381c194181d
https://git.kernel.org/stable/c/6041536d18c5f51a84bc37cd568cbab61870031e
https://git.kernel.org/stable/c/c076b3746224982eebdba5c9e4b1467e146c0d64
https://git.kernel.org/stable/c/7c244d5b48284a770d96ff703df2dfeadf804a73
https://git.kernel.org/stable/c/8ad8b531de79c348bcb8133e7f5e827b8
CVE-2024-49899 – drm/amd/display: Initialize denominators' default to 1
https://notcve.org/view.php?id=CVE-2024-49899
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Initialize denominators' default to 1
[WHAT & HOW]
Variables used as denominators and maybe not assigned to other values, should not be 0. Change their default to 1 so they are never 0.
This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.
https://git.kernel.org/stable/c/7f8e93b862aba08d540f1e9e03e0ceb4d0cfd5fb
https://git.kernel.org/stable/c/b995c0a6de6c74656a0c39cd57a0626351b13e3c
CVE-2024-49898 – drm/amd/display: Check null-initialized variables
https://notcve.org/view.php?id=CVE-2024-49898
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check null-initialized variables
[WHAT & HOW]
drr_timing and subvp_pipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing.
This fixes 2 FORWARD_NULL issues reported by Coverity.
https://git.kernel.org/stable/c/3fc70ae048fe0936761b73b50700a810ff61e853
https://git.kernel.org/stable/c/115b1a3b0944b4d8ef0b4b0c5a625bdd9474131f
https://git.kernel.org/stable/c/367cd9ceba1933b63bc1d87d967baf6d9fd241d2