Mario Limonciello

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns the Linux kernel, specifically with x86/CPU/AMD, where certain Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE instructions. However, using these instructions can cause a random host reboot. These instructions are not intended to be advertised on Zen4 client systems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Linux kernel, where a commit caused GFXOFF control to be used more heavily, leading to a codepath that can be exercised at suspend again, resulting in potential SDMA traffic and system deadlock when using GNOME to suspend the lockscreen trigger. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the drm/amd/display component of the Linux kernel, where two problems have been fixed: a comparison with a wider integer type in a loop condition that can cause infinite loops, and a pointer dereference before a null check. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `drm/buddy` component of the Linux kernel, specifically with the `alloc range()` function. This function was returning `SUCCESS` in certain corner cases when it couldn't find the required memory blocks, leading to display corruption when booting to KDE Plasma or playing games. The correct approach is for the function to return `-ENOSPC` when the total allocated size is less than the required size. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the Linux kernel's drm/amd/display module. Specifically, during the hibernate sequence, the source context might not have a clk mgr, which can lead to a NULL pointer dereference. This can cause a denial of service. The vulnerability is associated with the function dc resource state copy construct() in the drivers/gpu/drm/amd/display/dc/core/dc resource.c file of the AMD video driver. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A NULL pointer dereference issue in the `amdgpu dm i2c xfer()` function has been resolved. The issue occurs when `ddc service construct()` is called and it checks the link type and whether there is something on the link to dictate whether the pin is marked as `hw supported`. If the pin isn't set or the link is not set, the `amdgpu dm i2c xfer()` call fails. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to errors reading beyond boundaries in the drm/amd component of the Linux kernel. This can lead to a denial of service. The problem is associated with the use of flexible array sizes in pptable structs. For pptable structs that use flexible array sizes, the fix involves using flexible arrays. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the version that includes the fix for the issue described **Description** A crash occurs in the Linux kernel when the system is suspended and the ath11k driver is unable to find a board file. This issue arises because the board file loading happens after the ath11k pci probe() function successfully returns, and the suspend handler is still enabled, causing it to fail as ath11k is not properly initialized. The problem is resolved by checking the ATH11K FLAG QMI FAIL flag during both suspend and resume. **Recommendations** For Linux kernel versions prior to the fixed version, consider applying the patch that fixes the issue by checking the ATH11K FLAG QMI FAIL flag during both suspend and resume to prevent the crash.