Dmitry Baryshkov

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved. The issue occurs in the `drm/msm/disp/dpu1` component, where the `vbif` hardware configuration is not properly set to `NULL` during `pm` runtime resume, leading to a use-after-free error. This results in a kernel paging request at a specific virtual address, causing a crash. The call trace indicates the sequence of functions leading to the error, including `dpu vbif init memtypes` and `dpu runtime resume`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc2-qcomlt-arm64 Description: A vulnerability in the Linux kernel has been resolved, related to the ASoC (Audio System on Chip) driver for Qualcomm's sdm845 soundcard. The issue occurred during the migration of Soundwire runtime stream allocation from the Qualcomm Soundwire controller to the SoC's soundcard drivers, where the sdm845 soundcard was forgotten. This results in a stream pointer NULL dereference when attempting playback or starting the audio daemon. The vulnerability is triggered by the `wsa881x hw params()` function being called with a `stream` parameter set to `NULL`, which is then passed further in the `x4` register. The `sdw stream add slave()` function is also involved, where a data abort happens at offset `0x44` from the beginning of the function. Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the ASoC: qcom: sdm845: add missing soundwire runtime stream alloc vulnerability. As a temporary workaround, consider disabling the audio functionality on affected devices until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises when the crtc's connectors changed is set without enable/active getting toggled, resulting in an atomic enable() call followed by an atomic disable() but without an atomic mode set(). This leads to a NULL pointer access for the dpu encoder get drm fmt() call in the atomic enable() as the dpu encoder's connector was cleared in the atomic disable() but not re-assigned due to the lack of an atomic mode set() call. The fix involves moving the assignment for atomic enable() and using drm atomic get new connector for encoder() to get the connector from the atomic state. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference issue has been resolved in the Linux kernel. The issue occurs when `ucsi register altmode` checks `IS ERR` for the `alt` pointer and treats `NULL` as valid. When `CONFIG TYPEC DP ALTMODE` is not enabled, `ucsi register displayport` returns `NULL`, causing a null pointer dereference in trace. To fix this, `typec port register altmode` is called to register DisplayPort alternate mode as a non-controllable mode when `CONFIG TYPEC DP ALTMODE` is not enabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability has been resolved in the Linux kernel. The function `device pm check callbacks()` can be called under a spin lock, but it unconditionally uses `spin lock irq()`/`spin unlock irq()`, thus not preserving CPU flags. This issue can lead to a warning when `raw local irq restore()` is called with IRQs enabled. The vulnerability is related to the use of spin locks rather than mutexes in the `genpd` module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.