In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
nouveau_gem_pushbuf_reloc_apply() validates each relocation with
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: prime: fix refcount underflow
Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and
hence the backing
In the Linux kernel, the following vulnerability has been resolved:
amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
This is motivated by OOB access in amdgpu_vm_update_range when
offset_in_bo+map
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1
The type of size is unsigned int, if size is 0x40000000, there will
be an inte
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix a couple integer overflows on 32bit systems
On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can
have an
In the Linux kernel, the following vulnerability has been resolved:
drm: Do not allow userspace to trigger kernel warnings in drm_gem_change_handle_ioctl()
Since GEM bo handles are u32 in the uapi a
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix potential integer overflow in page size calculation
Explicitly cast tbo->page_alignment to u64 before bit-shifting to
In the Linux kernel, the following vulnerability has been resolved:
crypto: cavium - prevent integer overflow loading firmware
The "code_length" value comes from the firmware file. If your firmware
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/amd: fix potential integer overflow on shift of a int
The left shift of int 32 bit integer constant 1 is evaluated using
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
[WHY]
When PTEBufferSizeInRequests is zero, UBSAN reports the f
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: Fix integer overflow in radeon_cs_parser_init
The type of size is unsigned, if size is 0x40000000, there will be an
in
In the Linux kernel, the following vulnerability has been resolved:
drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED
Shifting signed 32-bit value by 31 bits is undefined,
In the Linux kernel, the following vulnerability has been resolved:
NFSD: prevent integer overflow on 32 bit systems
On a 32 bit system, the "len * sizeof(*p)" operation can have an
integer overflow
In the Linux kernel, the following vulnerability has been resolved:
block: fix integer overflow in BLKSECDISCARD
I independently rediscovered
commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155
block
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Validate TA binary size
Add TA binary size validation to avoid OOB write.
(cherry picked from commit c0a04e3570d72aaf
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: fix integer overflow in run_unpack() volume boundary check
The volume boundary check `lcn + len > sbi->used.bitmap.nbits` u
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check index for aux_rd_interval before using
aux_rd_interval has size of 7 and should be checked.
This fixes 3 O
In the Linux kernel, the following vulnerability has been resolved:
drm: zynqmp_dp: Fix integer overflow in zynqmp_dp_rate_get()
This patch fixes a potential integer overflow in the zynqmp_dp_rate_g
In the Linux kernel, the following vulnerability has been resolved:
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
Function ubifs_wbuf_write_nolock() may access buf out of bounds in
foll
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Prevent a potential integer overflow
If the tag length is >= U32_MAX - 3 then the "length + 4" addition
can result in an int
Page 1+ Next →