Aurabindo Pillai

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.5.0-41-generic #41~22.04.2-Ubuntu **Description** The issue is related to a null pointer dereference in the `dcn20 resource.c` file of the Linux kernel's `drm/amd/display` module. This vulnerability can cause a hang when running MPV on a DCN401 dGPU with specific settings, such as `mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all`, and then enabling fullscreen playback. The call trace shows a kernel NULL pointer dereference at address 0000000000000000. **Recommendations** To resolve this issue, update the Linux kernel to a version newer than 6.5.0-41-generic #41~22.04.2-Ubuntu. As a temporary workaround, consider avoiding the use of MPV with the specified settings on affected systems until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A NULL pointer dereference vulnerability has been resolved in the Linux kernel, specifically in the drm/amd/display component. The issue occurs when the color log tries to read the gamut remap information from DCN401, which is not initialized in the dcn401 dpp funcs, leading to a null pointer dereference. This vulnerability is addressed by adding a proper guard to access the gamut remap callback in case the specific ASIC did not implement this function. The vulnerability can be triggered by running the command `cat /sys/kernel/debug/dri/0/amdgpu dm dtn log`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** There is a potential memory access violation while iterating through an array of dcn35 clks. This issue can be resolved by limiting iteration per array size. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the drm/amd/display component of the Linux kernel, where two problems have been fixed: a comparison with a wider integer type in a loop condition that can cause infinite loops, and a pointer dereference before a null check. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns an array index out of bounds error in the DCN32 DML of the Linux kernel's drm/amd/display component. Specifically, the `LinkCapacitySupport` array is indexed with the number of voltage states instead of the maximum number of DPPs. The error is fixed by modifying the array declaration to use the correct, larger array size based on the total number of voltage states. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.