CVE-2024-50177 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix a UBSAN warning in DML2.1
When programming phantom pipe, since cursor_width is explicity set to 0,
this causes calculation logic to trigger overflow for an unsigned int
triggering the kernel's UBSAN check as below:
[ 40.962845] UBSAN: shift-out-of-bounds in /tmp/amd.EfpumTkO/amd/amdgpu/../display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c:3312:34
[ 40.962849] shift exponent 4294967170 is too large for 32-bit type 'unsigned int'
[ 40.962852] CPU: 1 PID: 1670 Comm: gnome-shell Tainted: G W OE 6.5.0-41-generic #41~22.04.2-Ubuntu
[ 40.962854] Hardware name: Gigabyte Technology Co., Ltd. X670E AORUS PRO X/X670E AORUS PRO X, BIOS F21 01/10/2024
[ 40.962856] Call Trace:
[ 40.962857]
[ 40.962860] dump_stack_lvl+0x48/0x70
[ 40.962870] dump_stack+0x10/0x20
[ 40.962872] __ubsan_handle_shift_out_of_bounds+0x1ac/0x360
[ 40.962878] calculate_cursor_req_attributes.cold+0x1b/0x28 [amdgpu]
[ 40.963099] dml_core_mode_support+0x6b91/0x16bc0 [amdgpu]
[ 40.963327] ? srso_alias_return_thunk+0x5/0x7f
[ 40.963331] ? CalculateWatermarksMALLUseAndDRAMSpeedChangeSupport+0x18b8/0x2790 [amdgpu]
[ 40.963534] ? srso_alias_return_thunk+0x5/0x7f
[ 40.963536] ? dml_core_mode_support+0xb3db/0x16bc0 [amdgpu]
[ 40.963730] dml2_core_calcs_mode_support_ex+0x2c/0x90 [amdgpu]
[ 40.963906] ? srso_alias_return_thunk+0x5/0x7f
[ 40.963909] ? dml2_core_calcs...
EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
CVE-2024-50004 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35
[WHY & HOW]
Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause
grey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override
to match HW spec.
(cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba)
EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
CVE-2024-49971 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Increase array size of dummy_boolean
[WHY]
dml2_core_shared_mode_support and dml_core_mode_support access the third
element of dummy_boolean, i.e. hw_debug5 = &s->dummy_boolean[2], when
dummy_boolean has size of 2. Any assignment to hw_debug5 causes an
OVERRUN.
[HOW]
Increase dummy_boolean's array size to 3.
This fixes 2 OVERRUN issues reported by Coverity.
EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
CVE-2024-49904 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: add list empty check to avoid null pointer issue
Add list empty check to avoid null pointer issues in some corner cases.
- list_for_each_entry_safe()
EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
CVE-2024-48463 |
Description: Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer.
EPSS Score: 0.05%
January 17th, 2025 (6 months ago)
|
CVE-2024-48460 |
Description: An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails.
EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
CVE-2024-46836 |
Description: In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: aspeed_udc: validate endpoint index for ast udc
We should verify the bound of the array to assure that host
may not manipulate the index to point past endpoint array.
Found by static analysis.
EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
CVE-2024-46778 |
Description: In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check UnboundedRequestEnabled's value
CalculateSwathAndDETConfiguration_params_st's UnboundedRequestEnabled
is a pointer (i.e. dml_bool_t *UnboundedRequestEnabled), and thus
if (p->UnboundedRequestEnabled) checks its address, not bool value.
This fixes 1 REVERSE_INULL issue reported by Coverity.
EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
CVE-2024-46450 |
Description: Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.
EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
CVE-2024-46310 |
Description: Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint
EPSS Score: 0.05%
January 17th, 2025 (6 months ago)
|