CVE-2024-26912
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26912
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26912.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-26912
- Downstream
- Published
- 2024-04-17T15:59:23Z
- Modified
- 2025-10-21T11:00:54.035379Z
- Summary
- drm/nouveau: fix several DMA buffer leaks
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix several DMA buffer leaks
Nouveau manages GSP-RM DMA buffers with nvkmgspmem objects. Several of these buffers are never dealloced. Some of them can be deallocated right after GSP-RM is initialized, but the rest need to stay until the driver unloads.
Also futher bullet-proof these objects by poisoning the buffer and clearing the nvkmgspmem object when it is deallocated. Poisoning the buffer should trigger an error (or crash) from GSP-RM if it tries to access the buffer after we've deallocated it, because we were wrong about when it is safe to deallocate.
Finally, change the mem->size field to a sizet because that's the same type that dmaalloc_coherent expects.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced176fdcbddfd288408ce8571c1760ad618d962096Fixed6190d4c08897d748dd25f0b78267a90aa1694e15
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced176fdcbddfd288408ce8571c1760ad618d962096Fixed042b5f83841fbf7ce39474412db3b5e4765a7ea7
Affected versions
v6.*
v6.6
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.8-rc1
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6190d4c08897d748dd25f0b78267a90aa1694e15",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-07edf852",
"target": {
"function": "r535_gsp_postinit",
"file": "drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c"
},
"signature_type": "Function",
"digest": {
"length": 666.0,
"function_hash": "9529443565217112362943154334780363500"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042b5f83841fbf7ce39474412db3b5e4765a7ea7",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-2192bf06",
"target": {
"function": "r535_gsp_postinit",
"file": "drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c"
},
"signature_type": "Function",
"digest": {
"length": 666.0,
"function_hash": "9529443565217112362943154334780363500"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042b5f83841fbf7ce39474412db3b5e4765a7ea7",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-3ad1ce5d",
"target": {
"file": "drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"171050474878083794808456065196114515270",
"160716494241366663117340321705701808814",
"132212574919932570115279446100385788376",
"191660332046606301323764075239332429166",
"150946932685446938814404976953721603234",
"176602413185103584665547934173355690816",
"203835906962773938129396177385915971466",
"320442894666120266923014174087720628845",
"102988757978718854452483680153944779011",
"291269602776263323827985468140166923223",
"22319761071004317118081858776415177181",
"81491813657047362767939519047960130336",
"201933331079259295855936773416706631583",
"241402214383769082826898262115616541695",
"78919430605332605243517909623884278131",
"320596334120894759956630974776581987247",
"213061436642764816399594756450748317413",
"194485407731486091380128406621309114389",
"113886173407137662315835089416559512384",
"39630752252579828937199102302787766087",
"268342348213197084569754562741900474852",
"94022640075558143600107754669800230314",
"305957909079967183716491371904627771733",
"283203144396727597648225410146581835400",
"304384751538068559828209705351392639114",
"295117620526435230193492027117161821835",
"255153084704288752510350638371735305253",
"257073503586825375272395311004443752186",
"73456572450578792014580749358418680226",
"165677567378082886879352752414352248736",
"56544011635472942607078914808248747784"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6190d4c08897d748dd25f0b78267a90aa1694e15",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-56843f7e",
"target": {
"function": "r535_gsp_dtor",
"file": "drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c"
},
"signature_type": "Function",
"digest": {
"length": 411.0,
"function_hash": "145479526825824891873890250810415678405"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042b5f83841fbf7ce39474412db3b5e4765a7ea7",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-7bb8e847",
"target": {
"function": "nvkm_gsp_mem_dtor",
"file": "drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c"
},
"signature_type": "Function",
"digest": {
"length": 202.0,
"function_hash": "326902270775054569473010143899306812903"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042b5f83841fbf7ce39474412db3b5e4765a7ea7",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-8ec178ee",
"target": {
"file": "drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"312442985904246549458967656691057307456",
"24342742477591821667332676533236507132",
"247517909581364258575212797991450403970",
"90411997551964061308650696925574807008"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6190d4c08897d748dd25f0b78267a90aa1694e15",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-92f87f81",
"target": {
"file": "drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"312442985904246549458967656691057307456",
"24342742477591821667332676533236507132",
"247517909581364258575212797991450403970",
"90411997551964061308650696925574807008"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6190d4c08897d748dd25f0b78267a90aa1694e15",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-a9156c07",
"target": {
"file": "drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"171050474878083794808456065196114515270",
"160716494241366663117340321705701808814",
"132212574919932570115279446100385788376",
"191660332046606301323764075239332429166",
"150946932685446938814404976953721603234",
"176602413185103584665547934173355690816",
"203835906962773938129396177385915971466",
"320442894666120266923014174087720628845",
"102988757978718854452483680153944779011",
"291269602776263323827985468140166923223",
"22319761071004317118081858776415177181",
"81491813657047362767939519047960130336",
"201933331079259295855936773416706631583",
"241402214383769082826898262115616541695",
"78919430605332605243517909623884278131",
"320596334120894759956630974776581987247",
"213061436642764816399594756450748317413",
"194485407731486091380128406621309114389",
"113886173407137662315835089416559512384",
"39630752252579828937199102302787766087",
"268342348213197084569754562741900474852",
"94022640075558143600107754669800230314",
"305957909079967183716491371904627771733",
"283203144396727597648225410146581835400",
"304384751538068559828209705351392639114",
"295117620526435230193492027117161821835",
"255153084704288752510350638371735305253",
"257073503586825375272395311004443752186",
"73456572450578792014580749358418680226",
"165677567378082886879352752414352248736",
"56544011635472942607078914808248747784"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042b5f83841fbf7ce39474412db3b5e4765a7ea7",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-addd2709",
"target": {
"function": "r535_gsp_dtor",
"file": "drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c"
},
"signature_type": "Function",
"digest": {
"length": 411.0,
"function_hash": "145479526825824891873890250810415678405"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6190d4c08897d748dd25f0b78267a90aa1694e15",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26912-da277b5f",
"target": {
"function": "nvkm_gsp_mem_dtor",
"file": "drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c"
},
"signature_type": "Function",
"digest": {
"length": 202.0,
"function_hash": "326902270775054569473010143899306812903"
}
}
]