Stephen Boyd

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved. The issue is related to the `dpu plane atomic print state()` function, where a check has been added to protect pipe state prints and avoid NULL pointer dereference. This check is similar to the `r pipe` sspp protect and is intended to prevent issues when the state is dumped without a corresponding `atomic check()` where the `pipe->sspp` is assigned. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a race condition during the initialization of the pmic glink child drivers in the Linux kernel. As pointed out by Stephen Boyd, the protection-domain notifiers may fire and schedule associated work before the client registration returns, resulting in a NULL pointer dereference as the `client` pointer is blindly dereferenced. This occurs when the protection domain registry is populated at the time of registration, which became more likely with the introduction of the commit '1ebcde047c54 ("soc: qcom: add pd-mapper implementation")'. The vulnerable code is identical across the altmode, battery manager, and usci child drivers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.67 Description: The vulnerability is related to the Linux kernel's drm/msm component, which is responsible for managing memory and graphics processing. The issue arises from a missing flag in the mmap function, specifically the VM IO and VM DONTDUMP flags. This omission causes crashes on Chromebooks that use ARC++ while logging out, resulting in a kernel paging request error. The error is characterized by an "Unable to handle kernel paging request" message, followed by a memory abort info and data abort info section. The vulnerability is not explicitly stated to affect a specific number of devices or to have been exploited in real-world incidents. Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the drm/msm component, which adds the VM IO and VM DONTDUMP flags back to the mmap function. Specifically, for Linux kernel versions prior to 5.10.67, update to version 5.10.67 or later. As a temporary workaround, consider disabling the `drm gem mmap obj()` function until a patch is available. However, this is not a recommended long-term solution, as it may introduce other issues or limitations. The best course of action is to apply the official patch or update to a newer kernel version that includes the fix.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a null pointer dereference in the zynq component of the Linux kernel. This occurs when the kmalloc() function in zynq clk setup() returns null due to physical memory running out, and then snprintf() is used to write data to the null address. The patch for this issue uses a stack variable to replace the kmalloc(). Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.15.0-rc3+ **Description** The issue arises when a cell has 'nbits' equal to a multiple of BITS PER BYTE. The logic `*p &= GENMASK((cell->nbits%BITS PER BYTE) - 1, 0)` becomes undefined behavior because nbits modulo BITS PER BYTE is 0, and subtracting one from that results in a large number that is then shifted more than the number of bits that fit into an unsigned long. UBSAN reports this problem as a shift-out-of-bounds in drivers/nvmem/core.c. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the shift-out-of-bound vulnerability. For Linux kernel versions prior to 5.15.0-rc3+, consider applying the patch that fixes the shift-out-of-bound issue in the nvmem subsystem. As a temporary workaround, consider disabling the `nvmem cell read` function until a patch is available.