Linux · Linux Kernel · CVE-2024-41094
**Name of the Vulnerable Software and Affected Versions**
Linux kernel builds that include the drm/fbdev-dma fbdev emulation helper without the upstream fix. The only version string in the report is the build tag `6.6.23-06226-g4986cc3e1b75-dirty #250`; the `-dirty` suffix and `#250` build number mark a locally built development kernel, not a release boundary, so identify affected kernels by the presence of the fix commit rather than by release number.
**Description**
The bug is in the drm/fbdev-dma fbdev emulation helper of the Linux kernel. The helper unconditionally filled in `fb_info.fix.smem_start`, the physical start address of the framebuffer that fbdev exports to userspace through `FBIOGET_FSCREENINFO`. That breaks systems where the DMA framebuffer is backed by vmalloc address space: deriving a physical address from a vmalloc pointer is invalid, and the code also assumes DMA memory is contiguous in physical address space, which `vmalloc()` does not guarantee. The fix checks the module parameter `drm_leak_fbdev_smem` (an unsafe parameter, off by default) when DRM allocates the `struct fb_info` instance and marks the info with `FBINFO_HIDE_SMEM_START` unless the parameter is set. fbdev-dma then sets `smem_start` only when it is required, and only when the framebuffer is not located in vmalloc address space.
**Recommendations**
Apply the upstream fix: check the module parameter `drm_leak_fbdev_smem` when DRM allocates the `struct fb_info` instance, set `FBINFO_HIDE_SMEM_START` when the parameter is off so that `smem_start` is only filled in when required, and verify that the framebuffer is not located in vmalloc address space before deriving a physical address from it.
Until a fixed kernel is deployed, mitigation options are limited, because the faulty code runs inside the fbdev probe path (`drm_fbdev_dma_helper_fb_probe`) and cannot be switched off on its own, and `smem_start` is a field the kernel fills in, not a parameter a user can avoid. The practical choices are to boot affected systems with DRM fbdev emulation disabled (`drm.fbdev_emulation=0`, or a kernel built without `CONFIG_DRM_FBDEV_EMULATION`) if no fbdev console is needed, or to backport the fix. On any kernel, leave `drm_leak_fbdev_smem` at its default of off: enabling it deliberately exports the framebuffer's physical address to every process that can open the fbdev device.
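The following userspace program is an added example, not code from the Linux kernel or from this advisory. Its first half models the fixed decision described above (`drm_leak_fbdev_smem` off, or a vmalloc-backed buffer, means no physical address is exported); the `MODEL_FBINFO_HIDE_SMEM_START` bit and the `model_set_smem_start` function are stand-ins for the kernel's `FBINFO_HIDE_SMEM_START` flag and the fbdev-dma probe logic, and the caller supplies the "is this vmalloc memory" answer that the kernel gets from `is_vmalloc_addr()`. Its second half is the check a practitioner can run on a deployed machine: query `/dev/fb0` with `FBIOGET_FSCREENINFO` and report whether a non-zero `smem_start` is visible to unprivileged userspace, which is what a fixed kernel with the default parameter hides.

```c
/* Added example: model of the smem_start policy plus a runtime fbdev check.
 * Not kernel code; the model names below are hypothetical stand-ins. */
#include <fcntl.h>
#include <linux/fb.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Hypothetical stand-in for the kernel's FBINFO_HIDE_SMEM_START flag bit. */
#define MODEL_FBINFO_HIDE_SMEM_START 0x1u

struct smem_model {
    unsigned long smem_start; /* what fb_fix_screeninfo.smem_start would carry */
    unsigned int flags;       /* models fb_info.flags */
};

/*
 * Model of the fixed policy: a physical address is exported only when the
 * unsafe module parameter drm_leak_fbdev_smem is set AND the framebuffer
 * lives in the linear map. For a vmalloc-backed buffer there is no single
 * contiguous physical address, so nothing is exported even if the parameter
 * is on. The kernel decides "is vmalloc" with is_vmalloc_addr(); here the
 * caller passes that result in.
 */
static void model_set_smem_start(struct smem_model *m, bool leak_fbdev_smem,
                                 bool buffer_is_vmalloc, unsigned long phys)
{
    m->smem_start = 0;
    if (!leak_fbdev_smem) {
        /* fbmem reports smem_start as 0 to userspace when this flag is set */
        m->flags |= MODEL_FBINFO_HIDE_SMEM_START;
        return;
    }
    if (buffer_is_vmalloc)
        return; /* the pre-fix code would have derived a bogus address here */
    m->smem_start = phys;
}

/*
 * Runtime check against a real fbdev node. Returns 1 if a non-zero
 * smem_start is visible to userspace, 0 if it is hidden, -1 on error
 * (node missing, no permission, or not an fbdev device).
 */
static int fbdev_smem_exposed(const char *devpath, unsigned long *smem_start_out)
{
    struct fb_fix_screeninfo fix;
    int fd = open(devpath, O_RDONLY);
    if (fd < 0)
        return -1;
    memset(&fix, 0, sizeof(fix));
    if (ioctl(fd, FBIOGET_FSCREENINFO, &fix) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    if (smem_start_out)
        *smem_start_out = fix.smem_start;
    return fix.smem_start != 0;
}

int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "/dev/fb0";
    unsigned long start = 0;
    int rc = fbdev_smem_exposed(dev, &start);

    if (rc < 0) {
        perror(dev);
        return 1;
    }
    if (rc)
        printf("%s exposes smem_start=0x%lx (unfixed fbdev-dma path, or "
               "drm_leak_fbdev_smem enabled)\n", dev, start);
    else
        printf("%s hides smem_start (FBINFO_HIDE_SMEM_START in effect)\n", dev);
    return 0;
}
```

Run it as an unprivileged user that can open the fbdev node (`./check /dev/fb0`); on a fixed kernel with the default parameter it should report the address as hidden, and a non-zero value on a DMA-backed DRM driver indicates either the unfixed probe path or an operator who turned the unsafe parameter on.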