In the Linux kernel, the following vulnerability has been resolved:
drm/xe/xe_pagefault: Disallow writes to read-only VMAs
The page fault handler should reject write/atomic access to read only
VMAs.
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix page_size variable overflow
Change all variables storing mlx5_umem_mkc_find_best_pgsz() result to
unsigned long to
In the Linux kernel, the following vulnerability has been resolved:
iommu/tegra241-cmdqv: Fix alignment failure at max_n_shift
When configuring a kernel with PAGE_SIZE=4KB, depending on its setting
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed
When retrieving the PEK CSR, don't attempt to copy the b
In the Linux kernel, the following vulnerability has been resolved:
nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
The `nouveau_dmem_copy_one` function ensures that the copy push
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed
When retrieving the ID for the CPU, don't attempt to copy
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Prevent excessive number of frames
In this case, the user constructed the parameters with maxpacksize 40
for rate
In the Linux kernel, the following vulnerability has been resolved:
x86/sev: Make enc_dec_hypercall() accept a size instead of npages
enc_dec_hypercall() accepted a page count instead of a size, whi
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed
When retrieving the PDH cert, don't attempt to copy
In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Prevent out of bounds access in performance query extensions
Check that the number of perfmons userspace is passing in th
In the Linux kernel, the following vulnerability has been resolved:
drm/buddy: Prevent BUG_ON by validating rounded allocation
When DRM_BUDDY_CONTIGUOUS_ALLOCATION is set, the requested size is
roun
In the Linux kernel, the following vulnerability has been resolved:
xsk: validate MTU against usable frame size on bind
AF_XDP bind currently accepts zero-copy pool configurations without
verifying
In the Linux kernel, the following vulnerability has been resolved:
media: aspeed: Fix memory overwrite if timing is 1600x900
When capturing 1600x900, system could crash when system memory usage is
In the Linux kernel, the following vulnerability has been resolved:
drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
Replace the fake VLA at end of the vbva_mouse_poi
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
[WHY]
When PTEBufferSizeInRequests is zero, UBSAN reports the f
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Userspace can pass an arbitrary number of BO list entries via
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - fix out-of-bounds read
When preparing an AER-CTR request, the driver copies the key provided by
the user into a data
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: set the right AMDGPU sg segment limitation
The driver needs to set the correct max_segment_size;
otherwise debug_dma_m
In the Linux kernel, the following vulnerability has been resolved:
vmalloc: fix buffer overflow in vrealloc_node_align()
Commit 4c5d3365882d ("mm/vmalloc: allow to set node and align in
vrealloc")
In the Linux kernel, the following vulnerability has been resolved:
xsk: fix an integer overflow in xp_create_and_assign_umem()
Since the i and pool->chunk_size variables are of type 'u32',
their pr