We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-26940

drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed



Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the corresponding ttm_resource_manager is not allocated. This leads to a crash when trying to read from this file. Add a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file only when the corresponding ttm_resource_manager is allocated. crash> bt PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep" #0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3 #1 [ffffb954506b3b78] __crash_kexec at ffffffffb2bb598a #2 [ffffb954506b3c38] crash_kexec at ffffffffb2bb68c1 #3 [ffffb954506b3c50] oops_end at ffffffffb2a2a9b1 #4 [ffffb954506b3c70] no_context at ffffffffb2a7e913 #5 [ffffb954506b3cc8] __bad_area_nosemaphore at ffffffffb2a7ec8c #6 [ffffb954506b3d10] do_page_fault at ffffffffb2a7f887 #7 [ffffb954506b3d40] page_fault at ffffffffb360116e [exception RIP: ttm_resource_manager_debug+0x11] RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246 RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940 RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000 RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000 R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #8 [ffffb954506b3e00] ttm_resource_manager_show at ffffffffc04afde7 [ttm] #9 [ffffb954506b3e30] seq_read at ffffffffb2d8f9f3 RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246 RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985 RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003 RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000 R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003 ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b

Reserved 2024-02-19 | Published 2024-05-01 | Updated 2024-12-19 | Assigner Linux

Product status

Default status
unaffected

af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6 before 016119154981d81c9e8f2ea3f56b9e2b4ea14500
affected

af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6 before 042ef0afc40fa1a22b3608f22915b91ce39d128f
affected

af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6 before 25e3ce59c1200f1f0563e39de151f34962ab0fe1
affected

af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6 before eb08db0fc5354fa17b7ed66dab3c503332423451
affected

af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6 before 4be9075fec0a639384ed19975634b662bfab938f
affected

Default status
affected

5.19
affected

Any version before 5.19
unaffected

6.1.84
unaffected

6.6.24
unaffected

6.7.12
unaffected

6.8.3
unaffected

6.9
unaffected

References

git.kernel.org/...c/016119154981d81c9e8f2ea3f56b9e2b4ea14500

git.kernel.org/...c/042ef0afc40fa1a22b3608f22915b91ce39d128f

git.kernel.org/...c/25e3ce59c1200f1f0563e39de151f34962ab0fe1

git.kernel.org/...c/eb08db0fc5354fa17b7ed66dab3c503332423451

git.kernel.org/...c/4be9075fec0a639384ed19975634b662bfab938f

cve.org (CVE-2024-26940)

nvd.nist.gov (CVE-2024-26940)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-26940

Support options

Helpdesk Chat, Email, Knowledgebase