CVE-2024-26943

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26943
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26943.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-26943
Downstream
Related
Published
2024-05-01T05:18:00Z
Modified
2025-10-15T10:10:41.708411Z
Summary
nouveau/dmem: handle kcalloc() allocation failure
Details

In the Linux kernel, the following vulnerability has been resolved:

nouveau/dmem: handle kcalloc() allocation failure

The kcalloc() in nouveaudmemevictchunk() will return null if the physical memory has run out. As a result, if we dereference srcpfns, dstpfns or dmaaddrs, the null pointer dereference bugs will happen.

Moreover, the GPU is going away. If the kcalloc() fails, we could not evict all pages mapping a chunk. So this patch adds a _GFPNOFAIL flag in kcalloc().

Finally, as there is no need to have physically contiguous memory, this patch switches kcalloc() to kvcalloc() in order to avoid failing allocations.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
249881232e1471d28b68f9a3829acc14d150cf5d
Fixed
9acfd8b083a0ffbd387566800d89f55058a68af2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
249881232e1471d28b68f9a3829acc14d150cf5d
Fixed
2a84744a037b8a511d6a9055f3defddc28ff4a4d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
249881232e1471d28b68f9a3829acc14d150cf5d
Fixed
5e81773757a95fc298e96cfd6d4700f07b6192a2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
249881232e1471d28b68f9a3829acc14d150cf5d
Fixed
3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
249881232e1471d28b68f9a3829acc14d150cf5d
Fixed
16e87fe23d4af6df920406494ced5c0f4354567b

Affected versions

v6.*

v6.0
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77879963299872666214262329850435450904",
                    "169856899717642553153812506424113100856",
                    "117696475437658040404832340001000641529",
                    "301951330956463525201411793231184908257",
                    "6024507734883935846487338603007653695",
                    "225643418735271800755751533031875777839",
                    "335596901652744039750558092309620344663",
                    "195356023756633123036208451772452282901",
                    "257919803158158461707489606566202961467",
                    "191508604457427030970025170743533465977",
                    "324329020007257183379733600701108785426",
                    "175382205499771438027676850970108531313",
                    "9833926707559289685144908492475667225",
                    "249479859356556577365701324891253446419"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5e81773757a95fc298e96cfd6d4700f07b6192a2",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c"
            },
            "id": "CVE-2024-26943-0cd2f785",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1029.0,
                "function_hash": "105693737542441334502482282042198290288"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5e81773757a95fc298e96cfd6d4700f07b6192a2",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c",
                "function": "nouveau_dmem_evict_chunk"
            },
            "id": "CVE-2024-26943-0e988f69",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1037.0,
                "function_hash": "247172749206540508592754161357874593693"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9acfd8b083a0ffbd387566800d89f55058a68af2",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c",
                "function": "nouveau_dmem_evict_chunk"
            },
            "id": "CVE-2024-26943-25458cac",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77879963299872666214262329850435450904",
                    "169856899717642553153812506424113100856",
                    "117696475437658040404832340001000641529",
                    "301951330956463525201411793231184908257",
                    "6024507734883935846487338603007653695",
                    "225643418735271800755751533031875777839",
                    "335596901652744039750558092309620344663",
                    "195356023756633123036208451772452282901",
                    "257919803158158461707489606566202961467",
                    "191508604457427030970025170743533465977",
                    "324329020007257183379733600701108785426",
                    "175382205499771438027676850970108531313",
                    "9833926707559289685144908492475667225",
                    "249479859356556577365701324891253446419"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c"
            },
            "id": "CVE-2024-26943-261331f3",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1029.0,
                "function_hash": "105693737542441334502482282042198290288"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a84744a037b8a511d6a9055f3defddc28ff4a4d",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c",
                "function": "nouveau_dmem_evict_chunk"
            },
            "id": "CVE-2024-26943-77fc5298",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77879963299872666214262329850435450904",
                    "169856899717642553153812506424113100856",
                    "117696475437658040404832340001000641529",
                    "301951330956463525201411793231184908257",
                    "6024507734883935846487338603007653695",
                    "225643418735271800755751533031875777839",
                    "335596901652744039750558092309620344663",
                    "195356023756633123036208451772452282901",
                    "257919803158158461707489606566202961467",
                    "191508604457427030970025170743533465977",
                    "324329020007257183379733600701108785426",
                    "175382205499771438027676850970108531313",
                    "9833926707559289685144908492475667225",
                    "249479859356556577365701324891253446419"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@16e87fe23d4af6df920406494ced5c0f4354567b",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c"
            },
            "id": "CVE-2024-26943-87dcd2be",
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1029.0,
                "function_hash": "105693737542441334502482282042198290288"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@16e87fe23d4af6df920406494ced5c0f4354567b",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c",
                "function": "nouveau_dmem_evict_chunk"
            },
            "id": "CVE-2024-26943-ab9c2124",
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1029.0,
                "function_hash": "105693737542441334502482282042198290288"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c",
                "function": "nouveau_dmem_evict_chunk"
            },
            "id": "CVE-2024-26943-e5cbda93",
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77879963299872666214262329850435450904",
                    "169856899717642553153812506424113100856",
                    "117696475437658040404832340001000641529",
                    "301951330956463525201411793231184908257",
                    "6024507734883935846487338603007653695",
                    "225643418735271800755751533031875777839",
                    "335596901652744039750558092309620344663",
                    "195356023756633123036208451772452282901",
                    "257919803158158461707489606566202961467",
                    "191508604457427030970025170743533465977",
                    "324329020007257183379733600701108785426",
                    "175382205499771438027676850970108531313",
                    "9833926707559289685144908492475667225",
                    "249479859356556577365701324891253446419"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9acfd8b083a0ffbd387566800d89f55058a68af2",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c"
            },
            "id": "CVE-2024-26943-e612ed82",
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77879963299872666214262329850435450904",
                    "169856899717642553153812506424113100856",
                    "117696475437658040404832340001000641529",
                    "301951330956463525201411793231184908257",
                    "6024507734883935846487338603007653695",
                    "225643418735271800755751533031875777839",
                    "335596901652744039750558092309620344663",
                    "195356023756633123036208451772452282901",
                    "257919803158158461707489606566202961467",
                    "191508604457427030970025170743533465977",
                    "324329020007257183379733600701108785426",
                    "175382205499771438027676850970108531313",
                    "9833926707559289685144908492475667225",
                    "249479859356556577365701324891253446419"
                ]
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a84744a037b8a511d6a9055f3defddc28ff4a4d",
            "target": {
                "file": "drivers/gpu/drm/nouveau/nouveau_dmem.c"
            },
            "id": "CVE-2024-26943-efd5fc86",
            "signature_type": "Line"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.1.84
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.24
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.12
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.3