Roman Li

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a double free problem in the Linux kernel's amdgpu module. Specifically, the `link destruct()` function in the `drivers/gpu/drm/amd/display/dc/link/link factory.c` file is vulnerable to repeated freeing of previously freed memory. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when unloading the amdgpu module, and it involves the `dcn10 link encoder destroy()` and `link destroy()` functions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a potential out of bounds access in the `dml2 calculate rq and dlg params()` function because the value of `out lowest state idx` used as an index for the `FCLKChangeSupport` array can be greater than 1. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The `dml2` core specifies identical values for all `FCLKChangeSupport` elements, and using index 0 in the condition can avoid out of bounds access. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a bounds check in the Linux kernel's drm/amd/display component, specifically for dcn35 DcfClocks. The problem arises because `NumFclkLevelsEnabled` is used instead of the designated `NumDcfClkLevelsEnabled` for the bounds check, potentially causing an array index out-of-bounds access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.37 **Description** A dynamic memory safety error detector (KASAN) catches and generates error messages "BUG: KASAN: slab-out-of-bounds" as the writeback connector does not support certain features which are not initialized. The issue occurs in the drm/amd/display component when it attempts to write back data. To resolve this, the connector type is checked, and if it is DRM MODE CONNECTOR WRITEBACK, the operation is skipped. **Recommendations** Update to Linux kernel version 6.6.37 or later to resolve the issue. As a temporary workaround, consider disabling the writeback feature for the drm/amd/display component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** There is a potential memory access violation while iterating through an array of dcn35 clks. This issue can be resolved by limiting iteration per array size. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.