CVE-2024-26940
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2024
Last modified:
20/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed

The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the
corresponding ttm_resource_manager is not allocated.
This leads to a crash when trying to read from this file.

Add a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file
only when the corresponding ttm_resource_manager is allocated.

crash> bt
PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep"
#0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3
#1 [ffffb954506b3b78] __crash_kexec at ffffffffb2bb598a
#2 [ffffb954506b3c38] crash_kexec at ffffffffb2bb68c1
#3 [ffffb954506b3c50] oops_end at ffffffffb2a2a9b1
#4 [ffffb954506b3c70] no_context at ffffffffb2a7e913
#5 [ffffb954506b3cc8] __bad_area_nosemaphore at ffffffffb2a7ec8c
#6 [ffffb954506b3d10] do_page_fault at ffffffffb2a7f887
#7 [ffffb954506b3d40] page_fault at ffffffffb360116e
[exception RIP: ttm_resource_manager_debug+0x11]
RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246
RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940
RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000
RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000
R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff
R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#8 [ffffb954506b3e00] ttm_resource_manager_show at ffffffffc04afde7 [ttm]
#9 [ffffb954506b3e30] seq_read at ffffffffb2d8f9f3
RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246
RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985
RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003
RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000
R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003
ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b
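
The guard the description calls for, shown as a userspace C model added here for illustration; it is not the kernel patch or vmwgfx code. Every identifier except the three debug file names is hypothetical, and the scenario (only one manager allocated) is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model: hypothetical stand-ins, not kernel symbols. */
enum { PL_GMR, PL_MOB, PL_SYSTEM_MOB, PL_COUNT };
static const char *const pl_name[PL_COUNT] = { "gmr_ttm", "mob_ttm", "system_mob_ttm" };

struct res_manager { unsigned long usage; };
struct debug_entry { const char *name; struct res_manager *man; };
struct device {
    struct res_manager *man[PL_COUNT];    /* NULL: manager never allocated */
    struct debug_entry entries[PL_COUNT]; /* models the created debug files */
    size_t n_entries;
};

/* guarded == 0 models the old behaviour: one file per placement, always. */
static void debugfs_init(struct device *dev, int guarded)
{
    dev->n_entries = 0;
    for (int i = 0; i < PL_COUNT; i++) {
        if (guarded && !dev->man[i])
            continue; /* the fix: no file for an unallocated manager */
        dev->entries[dev->n_entries++] =
            (struct debug_entry){ pl_name[i], dev->man[i] };
    }
}

/* Counts files whose read handler would be handed a NULL manager. */
static size_t count_dangling(const struct device *dev)
{
    size_t bad = 0;
    for (size_t i = 0; i < dev->n_entries; i++)
        if (!dev->entries[i].man)
            bad++;
    return bad;
}

/* Constructed scenario: only the GMR manager is allocated. */
static size_t demo_dangling(int guarded)
{
    struct res_manager gmr = { 0 };
    struct device dev = { .man = { [PL_GMR] = &gmr } };
    debugfs_init(&dev, guarded);
    return count_dangling(&dev);
}

int main(void)
{
    printf("unguarded: %zu files backed by NULL\n", demo_dangling(0));
    printf("guarded:   %zu files backed by NULL\n", demo_dangling(1));
    return 0;
}
```

In the model, each dangling entry corresponds to a debug file whose read would fault the way the `grep` in the backtrace did.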
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.19 (including) | 6.1.84 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.24 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.8 (including) | 6.8.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/016119154981d81c9e8f2ea3f56b9e2b4ea14500
- https://git.kernel.org/stable/c/042ef0afc40fa1a22b3608f22915b91ce39d128f
- https://git.kernel.org/stable/c/25e3ce59c1200f1f0563e39de151f34962ab0fe1
- https://git.kernel.org/stable/c/4be9075fec0a639384ed19975634b662bfab938f
- https://git.kernel.org/stable/c/eb08db0fc5354fa17b7ed66dab3c503332423451



