CVE-2024-26660

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: implementar la verificación de los límites para la creación del codificador de flujo en la matriz DCN301 'stream_enc_regs' es una matriz de estructuras dcn10_stream_enc_registers. La matriz se inicializa con cuatro elementos, correspondientes a las cuatro llamadas a stream_enc_regs() en el inicializador de la matriz. Esto significa que los índices válidos para esta matriz son 0, 1, 2 y 3. El mensaje de error 'stream_enc_regs' 4 <= 5 a continuación indica que hay un intento de acceder a esta matriz con un índice de 5, que no está disponible. de los límites. Esto podría provocar un comportamiento indefinido. Aquí, eng_id se utiliza como índice para acceder a la matriz stream_enc_regs. Si eng_id es 5, esto daría como resultado un acceso fuera de los límites en la matriz stream_enc_regs. Solucionando así el error de desbordamiento de búfer en dcn301_stream_encoder_create informado por Smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: desbordamiento de búfer 'stream_enc_regs' 4 <= 5

A vulnerability was found in the DRM/AMD/Display module of the Linux Kernel. An out-of-bounds access exists in the 'stream_enc_regs' array within DCN301, while accessing the array with 'eng_id,’ could lead to an out-of-bounds access beyond its four-element size, which can cause a system crash.

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in dcn301_stream_encoder_create reported by Smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5

It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.