ghsa-c6h3-g88w-qcm8
Vulnerability from github
Published
2024-05-01 06:31
Modified
2024-06-03 18:55
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

vmw_context_cotable can return either an error or a null pointer and its usage sometimes went unchecked. Subsequent code would then try to access either a null pointer or an error value.

The invalid dereferences were only possible with malformed userspace apps which never properly initialized the rendering contexts.

Check the results of vmw_context_cotable to fix the invalid derefs.

Thanks: ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab who was the first person to discover it. Niels De Graef who reported it and helped to track down the poc.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-26979"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T06:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix possible null pointer derefence with invalid contexts\n\nvmw_context_cotable can return either an error or a null pointer and its\nusage sometimes went unchecked. Subsequent code would then try to access\neither a null pointer or an error value.\n\nThe invalid dereferences were only possible with malformed userspace\napps which never properly initialized the rendering contexts.\n\nCheck the results of vmw_context_cotable to fix the invalid derefs.\n\nThanks:\nziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab\nwho was the first person to discover it.\nNiels De Graef who reported it and helped to track down the poc.",
  "id": "GHSA-c6h3-g88w-qcm8",
  "modified": "2024-06-03T18:55:51Z",
  "published": "2024-05-01T06:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26979"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07c3fe923ff7eccf684fb4f8c953d0a7cc8ded73"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/517621b7060096e48e42f545fa6646fc00252eac"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/585fec7361e7850bead21fada49a7fcde2f2e791"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/899e154f9546fcae18065d74064889d08fff62c2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9cb3755b1e3680b720b74dbedfac889e904605c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c560327d900bab968c2e1b4cd7fa2d46cd429e3d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ff41e0d4f3fa10d7cdd7d40f8026bea9fcc8b000"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.