ghsa-cfg9-pfwm-v8pc
Vulnerability from github
Published
2024-05-01 06:31
Modified
2024-05-01 06:31
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed

The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the corresponding ttm_resource_manager is not allocated. This leads to a crash when trying to read from this file.

Add a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file only when the corresponding ttm_resource_manager is allocated.

crash> bt PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep" #0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3 #1 [ffffb954506b3b78] __crash_kexec at ffffffffb2bb598a #2 [ffffb954506b3c38] crash_kexec at ffffffffb2bb68c1 #3 [ffffb954506b3c50] oops_end at ffffffffb2a2a9b1 #4 [ffffb954506b3c70] no_context at ffffffffb2a7e913 #5 [ffffb954506b3cc8] __bad_area_nosemaphore at ffffffffb2a7ec8c #6 [ffffb954506b3d10] do_page_fault at ffffffffb2a7f887 #7 [ffffb954506b3d40] page_fault at ffffffffb360116e [exception RIP: ttm_resource_manager_debug+0x11] RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246 RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940 RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000 RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000 R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #8 [ffffb954506b3e00] ttm_resource_manager_show at ffffffffc04afde7 [ttm] #9 [ffffb954506b3e30] seq_read at ffffffffb2d8f9f3 RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246 RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985 RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003 RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000 R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003 ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-26940"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T06:15:09Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed\n\nThe driver creates /sys/kernel/debug/dri/0/mob_ttm even when the\ncorresponding ttm_resource_manager is not allocated.\nThis leads to a crash when trying to read from this file.\n\nAdd a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file\nonly when the corresponding ttm_resource_manager is allocated.\n\ncrash\u003e bt\nPID: 3133409  TASK: ffff8fe4834a5000  CPU: 3    COMMAND: \"grep\"\n #0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3\n #1 [ffffb954506b3b78] __crash_kexec at ffffffffb2bb598a\n #2 [ffffb954506b3c38] crash_kexec at ffffffffb2bb68c1\n #3 [ffffb954506b3c50] oops_end at ffffffffb2a2a9b1\n #4 [ffffb954506b3c70] no_context at ffffffffb2a7e913\n #5 [ffffb954506b3cc8] __bad_area_nosemaphore at ffffffffb2a7ec8c\n #6 [ffffb954506b3d10] do_page_fault at ffffffffb2a7f887\n #7 [ffffb954506b3d40] page_fault at ffffffffb360116e\n    [exception RIP: ttm_resource_manager_debug+0x11]\n    RIP: ffffffffc04afd11  RSP: ffffb954506b3df0  RFLAGS: 00010246\n    RAX: ffff8fe41a6d1200  RBX: 0000000000000000  RCX: 0000000000000940\n    RDX: 0000000000000000  RSI: ffffffffc04b4338  RDI: 0000000000000000\n    RBP: ffffb954506b3e08   R8: ffff8fee3ffad000   R9: 0000000000000000\n    R10: ffff8fe41a76a000  R11: 0000000000000001  R12: 00000000ffffffff\n    R13: 0000000000000001  R14: ffff8fe5bb6f3900  R15: ffff8fe41a6d1200\n    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018\n #8 [ffffb954506b3e00] ttm_resource_manager_show at ffffffffc04afde7 [ttm]\n #9 [ffffb954506b3e30] seq_read at ffffffffb2d8f9f3\n    RIP: 00007f4c4eda8985  RSP: 00007ffdbba9e9f8  RFLAGS: 00000246\n    RAX: ffffffffffffffda  RBX: 000000000037e000  RCX: 00007f4c4eda8985\n    RDX: 000000000037e000  RSI: 00007f4c41573000  RDI: 0000000000000003\n    RBP: 000000000037e000   R8: 0000000000000000   R9: 000000000037fe30\n    R10: 0000000000000000  R11: 0000000000000246  R12: 00007f4c41573000\n    R13: 0000000000000003  R14: 00007f4c41572010  R15: 0000000000000003\n    ORIG_RAX: 0000000000000000  CS: 0033  SS: 002b",
  "id": "GHSA-cfg9-pfwm-v8pc",
  "modified": "2024-05-01T06:31:41Z",
  "published": "2024-05-01T06:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26940"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/016119154981d81c9e8f2ea3f56b9e2b4ea14500"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/042ef0afc40fa1a22b3608f22915b91ce39d128f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/25e3ce59c1200f1f0563e39de151f34962ab0fe1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4be9075fec0a639384ed19975634b662bfab938f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb08db0fc5354fa17b7ed66dab3c503332423451"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.