CVE-2024-27042

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige el posible acceso fuera de los límites en 'amdgpu_discovery_reg_base_init()'. El problema surge cuando se accede a la matriz 'adev->vcn.vcn_config' antes de verificar si el El índice 'adev->vcn.num_vcn_inst' está dentro de los límites de la matriz. La solución implica mover la verificación de los límites antes del acceso a la matriz. Esto garantiza que 'adev->vcn.num_vcn_inst' esté dentro de los límites de la matriz antes de usarlo como índice. Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 error amdgpu_discovery_reg_base_init(): prueba de desplazamiento de matriz 'adev->vcn.num_vcn_inst' después de su uso.

An out-of-bounds access flaw was found in drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c in the Linux kernel. This issue may lead to a crash.

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' The issue arises when the array 'adev->vcn.vcn_config' is accessed before checking if the index 'adev->vcn.num_vcn_inst' is within the bounds of the array. The fix involves moving the bounds check before the array access. This ensures that 'adev->vcn.num_vcn_inst' is within the bounds of the array before it is used as an index. Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 amdgpu_discovery_reg_base_init() error: testing array offset 'adev->vcn.num_vcn_inst' after use.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service.