FKIE_CVE-2024-26943

Vulnerability from fkie_nvd - Published: 2024-05-01 06:15 - Updated: 2025-03-04 16:02
Severity
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc() allocation failure The kcalloc() in nouveau_dmem_evict_chunk() will return null if the physical memory has run out. As a result, if we dereference src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs will happen. Moreover, the GPU is going away. If the kcalloc() fails, we could not evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, this patch switches kcalloc() to kvcalloc() in order to avoid failing allocations.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567bMailing List, Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4dMailing List, Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2eeMailing List, Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2Mailing List, Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567bMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4dMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2eeMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2Mailing List, Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE037D6C-EFFB-4511-9C5E-907B08F58386",
              "versionEndExcluding": "6.1.84",
              "versionStartIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8018C1D0-0A5F-48D0-BC72-A2B33FDDA693",
              "versionEndExcluding": "6.6.24",
              "versionStartIncluding": "6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53",
              "versionEndExcluding": "6.7.12",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02",
              "versionEndExcluding": "6.8.3",
              "versionStartIncluding": "6.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: handle kcalloc() allocation failure\n\nThe kcalloc() in nouveau_dmem_evict_chunk() will return null if\nthe physical memory has run out. As a result, if we dereference\nsrc_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs\nwill happen.\n\nMoreover, the GPU is going away. If the kcalloc() fails, we could not\nevict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL\nflag in kcalloc().\n\nFinally, as there is no need to have physically contiguous memory,\nthis patch switches kcalloc() to kvcalloc() in order to avoid\nfailing allocations."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nouveau/dmem: maneja el error de asignaci\u00f3n de kcalloc() El kcalloc() en nouveau_dmem_evict_chunk() devolver\u00e1 nulo si la memoria f\u00edsica se ha agotado. Como resultado, si eliminamos la referencia a src_pfns, dst_pfns o dma_addrs, se producir\u00e1n errores de desreferenciaci\u00f3n del puntero nulo. Adem\u00e1s, la GPU est\u00e1 desapareciendo. Si kcalloc() falla, no podremos desalojar todas las p\u00e1ginas que asignan un fragmento. Entonces este parche agrega un indicador __GFP_NOFAIL en kcalloc(). Finalmente, como no es necesario tener memoria f\u00edsicamente contigua, este parche cambia kcalloc() a kvcalloc() para evitar asignaciones fallidas."
    }
  ],
  "id": "CVE-2024-26943",
  "lastModified": "2025-03-04T16:02:02.363",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-01T06:15:09.877",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.