Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-45012

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/09/2024
Last modified:
13/09/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nouveau/firmware: use dma non-coherent allocator<br /> <br /> Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a<br /> BUG() on startup, when the iommu is enabled:<br /> <br /> kernel BUG at include/linux/scatterlist.h:187!<br /> invalid opcode: 0000 [#1] PREEMPT SMP NOPTI<br /> CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30<br /> Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019<br /> RIP: 0010:sg_init_one+0x85/0xa0<br /> Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54<br /> 24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 0b 0f 0b<br /> 0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00<br /> RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246<br /> RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b<br /> RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000<br /> RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000<br /> R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508<br /> R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018<br /> FS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0<br /> Call Trace:<br /> <br /> ? die+0x36/0x90<br /> ? do_trap+0xdd/0x100<br /> ? sg_init_one+0x85/0xa0<br /> ? do_error_trap+0x65/0x80<br /> ? sg_init_one+0x85/0xa0<br /> ? exc_invalid_op+0x50/0x70<br /> ? sg_init_one+0x85/0xa0<br /> ? asm_exc_invalid_op+0x1a/0x20<br /> ? sg_init_one+0x85/0xa0<br /> nvkm_firmware_ctor+0x14a/0x250 [nouveau]<br /> nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]<br /> ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]<br /> r535_gsp_oneinit+0xb3/0x15f0 [nouveau]<br /> ? srso_return_thunk+0x5/0x5f<br /> ? srso_return_thunk+0x5/0x5f<br /> ? nvkm_udevice_new+0x95/0x140 [nouveau]<br /> ? srso_return_thunk+0x5/0x5f<br /> ? srso_return_thunk+0x5/0x5f<br /> ? ktime_get+0x47/0xb0<br /> <br /> Fix this by using the non-coherent allocator instead, I think there<br /> might be a better answer to this, but it involve ripping up some of<br /> APIs using sg lists.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.48 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools