FKIE_CVE-2024-35810

Vulnerability from fkie_nvd - Published: 2024-05-17 14:15 - Updated: 2025-09-26 15:56
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the atomic update needs to not be invalidated by the cleanup. The buffer objects in vmw_plane_state instead of using the builtin map_and_cache were trying to handle the lifetime of the mapped memory themselves, leading to crashes. Use the map_and_cache instead of trying to manage the lifetime of the buffer objects held by the vmw_plane_state. Fixes kernel oops'es in IGT's kms_cursor_legacy forked-bo.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0aePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02dPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0aePatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8018C1D0-0A5F-48D0-BC72-A2B33FDDA693",
              "versionEndExcluding": "6.6.24",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53",
              "versionEndExcluding": "6.7.12",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02",
              "versionEndExcluding": "6.8.3",
              "versionStartIncluding": "6.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix the lifetime of the bo cursor memory\n\nThe cleanup can be dispatched while the atomic update is still active,\nwhich means that the memory acquired in the atomic update needs to\nnot be invalidated by the cleanup. The buffer objects in vmw_plane_state\ninstead of using the builtin map_and_cache were trying to handle\nthe lifetime of the mapped memory themselves, leading to crashes.\n\nUse the map_and_cache instead of trying to manage the lifetime of the\nbuffer objects held by the vmw_plane_state.\n\nFixes kernel oops\u0027es in IGT\u0027s kms_cursor_legacy forked-bo."
    },
    {
      "lang": "es",
      "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/vmwgfx: corregida la vida \u00fatil de la memoria del cursor bo. La sanitizaci\u00f3n se puede realizar mientras la actualizaci\u00f3n at\u00f3mica a\u00fan est\u00e1 activa, lo que significa que la memoria adquirida en la actualizaci\u00f3n at\u00f3mica no necesita ser invalidado por la limpieza. Los objetos del b\u00fafer en vmw_plane_state, en lugar de utilizar el map_and_cache incorporado, intentaban manejar ellos mismos la vida \u00fatil de la memoria asignada, lo que provocaba fallos. Utilice map_and_cache en lugar de intentar administrar la vida \u00fatil de los objetos del b\u00fafer retenidos por vmw_plane_state. Corrige los errores del kernel en kms_cursor_legacy forked-bo de IGT."
    }
  ],
  "id": "CVE-2024-35810",
  "lastModified": "2025-09-26T15:56:44.993",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-17T14:15:14.970",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.