CVE-2024-26940
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26940
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26940.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-26940
- Downstream
- Related
- Published
- 2024-05-01T05:17:48Z
- Modified
- 2025-10-21T20:07:39.404416Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Create debugfs ttmresourcemanager entry only if needed
The driver creates /sys/kernel/debug/dri/0/mobttm even when the corresponding ttmresource_manager is not allocated. This leads to a crash when trying to read from this file.
Add a check to create mobttm, systemmobttm, and gmrttm debug file only when the corresponding ttmresourcemanager is allocated.
crash> bt PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep" #0 [ffffb954506b3b20] machinekexec at ffffffffb2a6bec3 #1 [ffffb954506b3b78] _crashkexec at ffffffffb2bb598a #2 [ffffb954506b3c38] crashkexec at ffffffffb2bb68c1 #3 [ffffb954506b3c50] oopsend at ffffffffb2a2a9b1 #4 [ffffb954506b3c70] nocontext at ffffffffb2a7e913 #5 [ffffb954506b3cc8] _badareanosemaphore at ffffffffb2a7ec8c #6 [ffffb954506b3d10] dopagefault at ffffffffb2a7f887 #7 [ffffb954506b3d40] pagefault at ffffffffb360116e [exception RIP: ttmresourcemanagerdebug+0x11] RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246 RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940 RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000 RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000 R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200 ORIGRAX: ffffffffffffffff CS: 0010 SS: 0018 #8 [ffffb954506b3e00] ttmresourcemanagershow at ffffffffc04afde7 [ttm] #9 [ffffb954506b3e30] seqread at ffffffffb2d8f9f3 RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246 RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985 RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003 RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000 R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003 ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/016119154981d81c9e8f2ea3f56b9e2b4ea14500
- https://git.kernel.org/stable/c/042ef0afc40fa1a22b3608f22915b91ce39d128f
- https://git.kernel.org/stable/c/25e3ce59c1200f1f0563e39de151f34962ab0fe1
- https://git.kernel.org/stable/c/4be9075fec0a639384ed19975634b662bfab938f
- https://git.kernel.org/stable/c/eb08db0fc5354fa17b7ed66dab3c503332423451
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixed016119154981d81c9e8f2ea3f56b9e2b4ea14500
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixed042ef0afc40fa1a22b3608f22915b91ce39d128f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixed25e3ce59c1200f1f0563e39de151f34962ab0fe1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixedeb08db0fc5354fa17b7ed66dab3c503332423451
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixed4be9075fec0a639384ed19975634b662bfab938f
Affected versions
v5.*
v6.*
Database specific
vanir_signatures
[
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4be9075fec0a639384ed19975634b662bfab938f",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26940-3d32f6b5",
"target": {
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"190955641525857901571056571948435356614",
"146323459410009246250038498217183783379",
"48246823370462054743022128936159282242",
"317197852226856245077017107111608980482",
"7050877699234941131549548698673853239",
"67892384168171434578922429570050410478",
"94984043687140918692049201632094505181",
"157965191632864145528517097344376422138",
"54422473991527432871282200900298292502"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@016119154981d81c9e8f2ea3f56b9e2b4ea14500",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26940-4638e20b",
"target": {
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"190955641525857901571056571948435356614",
"146323459410009246250038498217183783379",
"48246823370462054743022128936159282242",
"317197852226856245077017107111608980482",
"7050877699234941131549548698673853239",
"67892384168171434578922429570050410478",
"94984043687140918692049201632094505181",
"157965191632864145528517097344376422138",
"54422473991527432871282200900298292502"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4be9075fec0a639384ed19975634b662bfab938f",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26940-4d02a830",
"target": {
"function": "vmw_debugfs_resource_managers_init",
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"signature_type": "Function",
"digest": {
"length": 511.0,
"function_hash": "84821328882704388192105418388753213297"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@016119154981d81c9e8f2ea3f56b9e2b4ea14500",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26940-568e4a07",
"target": {
"function": "vmw_debugfs_resource_managers_init",
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"signature_type": "Function",
"digest": {
"length": 511.0,
"function_hash": "84821328882704388192105418388753213297"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@25e3ce59c1200f1f0563e39de151f34962ab0fe1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26940-8401f3d9",
"target": {
"function": "vmw_debugfs_resource_managers_init",
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"signature_type": "Function",
"digest": {
"length": 511.0,
"function_hash": "84821328882704388192105418388753213297"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042ef0afc40fa1a22b3608f22915b91ce39d128f",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26940-87738c39",
"target": {
"function": "vmw_debugfs_resource_managers_init",
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"signature_type": "Function",
"digest": {
"length": 511.0,
"function_hash": "84821328882704388192105418388753213297"
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042ef0afc40fa1a22b3608f22915b91ce39d128f",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26940-a31454ca",
"target": {
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"190955641525857901571056571948435356614",
"146323459410009246250038498217183783379",
"48246823370462054743022128936159282242",
"317197852226856245077017107111608980482",
"7050877699234941131549548698673853239",
"67892384168171434578922429570050410478",
"94984043687140918692049201632094505181",
"157965191632864145528517097344376422138",
"54422473991527432871282200900298292502"
]
}
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@25e3ce59c1200f1f0563e39de151f34962ab0fe1",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2024-26940-b9d81511",
"target": {
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"190955641525857901571056571948435356614",
"146323459410009246250038498217183783379",
"48246823370462054743022128936159282242",
"317197852226856245077017107111608980482",
"7050877699234941131549548698673853239",
"67892384168171434578922429570050410478",
"94984043687140918692049201632094505181",
"157965191632864145528517097344376422138",
"54422473991527432871282200900298292502"
]
}
}
]