In the Linux kernel, the following vulnerability has been resolved:
nouveau/dmem: handle kcalloc() allocation failure
The kcalloc() in nouveaudmemevictchunk() will return null if the physical memory has run out. As a result, if we dereference srcpfns, dstpfns or dmaaddrs, the null pointer dereference bugs will happen.
Moreover, the GPU is going away. If the kcalloc() fails, we could not evict all pages mapping a chunk. So this patch adds a _GFPNOFAIL flag in kcalloc().
Finally, as there is no need to have physically contiguous memory, this patch switches kcalloc() to kvcalloc() in order to avoid failing allocations.