CVE-2024-35951
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35951
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35951.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-35951
- Downstream
- Related
- Published
- 2024-05-20T09:41:45Z
- Modified
- 2025-10-21T21:30:28.140955Z
- Summary
- drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/panfrost: Fix the error path in panfrostmmumapfaultaddr()
Subject: [PATCH] drm/panfrost: Fix the error path in panfrostmmumapfaultaddr()
If some the pages or sgt allocation failed, we shouldn't release the pages ref we got earlier, otherwise we will end up with unbalanced get/put_pages() calls. We should instead leave everything in place and let the BO release function deal with extra cleanup when the object is destroyed, or let the fault handler try again next time it's called.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- http://www.openwall.com/lists/oss-security/2024/05/30/1
- http://www.openwall.com/lists/oss-security/2024/05/30/2
- https://git.kernel.org/stable/c/1fc9af813b25e146d3607669247d0f970f5a87c3
- https://git.kernel.org/stable/c/31806711e8a4b75e09b1c43652f2a6420e6e1002
- https://git.kernel.org/stable/c/e18070c622c63f0cab170348e320454728c277aa
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced187d2929206e6b098312c174ea873e4cedf5420dFixed31806711e8a4b75e09b1c43652f2a6420e6e1002
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced187d2929206e6b098312c174ea873e4cedf5420dFixede18070c622c63f0cab170348e320454728c277aa
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced187d2929206e6b098312c174ea873e4cedf5420dFixed1fc9af813b25e146d3607669247d0f970f5a87c3
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.3
v5.3-rc2
v5.3-rc3
v5.3-rc4
v5.3-rc5
v5.3-rc6
v5.3-rc7
v5.3-rc8
v5.4
v5.4-rc1
v5.4-rc2
v5.4-rc3
v5.4-rc4
v5.4-rc5
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.9-rc1
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31806711e8a4b75e09b1c43652f2a6420e6e1002",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221029219821560889431786733704265902321",
"262092331111467236522521405894411734904",
"250015090780634213850854141305024600412",
"139227972655227579469169836693662771855",
"277315985914217639724342066738672622616",
"200535674037978996488286721809837597186",
"210303673598777890558727570516356191877",
"280770856513263124592663793253302716356",
"63068051249088958645482416895518098931",
"77533260701921145823422376938614447183",
"96617959738956923325123452551286930976",
"272681183292502883669668629290076653982",
"265861194187627985800887686118808058467",
"293905138704660976259666647317483949482",
"208824235044563661394403581882625606744",
"299574156709542357513589681010026673799",
"113136217780203618495328128687798288536",
"143519166080571141254847520453855143815"
]
},
"target": {
"file": "drivers/gpu/drm/panfrost/panfrost_mmu.c"
},
"id": "CVE-2024-35951-5dbe5c85",
"signature_version": "v1",
"signature_type": "Line"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@31806711e8a4b75e09b1c43652f2a6420e6e1002",
"digest": {
"function_hash": "233706666135925444562110784135480007863",
"length": 2125.0
},
"target": {
"function": "panfrost_mmu_map_fault_addr",
"file": "drivers/gpu/drm/panfrost/panfrost_mmu.c"
},
"id": "CVE-2024-35951-94dc1669",
"signature_version": "v1",
"signature_type": "Function"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e18070c622c63f0cab170348e320454728c277aa",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221029219821560889431786733704265902321",
"262092331111467236522521405894411734904",
"250015090780634213850854141305024600412",
"139227972655227579469169836693662771855",
"277315985914217639724342066738672622616",
"200535674037978996488286721809837597186",
"210303673598777890558727570516356191877",
"280770856513263124592663793253302716356",
"63068051249088958645482416895518098931",
"77533260701921145823422376938614447183",
"96617959738956923325123452551286930976",
"272681183292502883669668629290076653982",
"265861194187627985800887686118808058467",
"293905138704660976259666647317483949482",
"208824235044563661394403581882625606744",
"299574156709542357513589681010026673799",
"113136217780203618495328128687798288536",
"143519166080571141254847520453855143815"
]
},
"target": {
"file": "drivers/gpu/drm/panfrost/panfrost_mmu.c"
},
"id": "CVE-2024-35951-ab85a330",
"signature_version": "v1",
"signature_type": "Line"
},
{
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e18070c622c63f0cab170348e320454728c277aa",
"digest": {
"function_hash": "185421946603155608951044874122961979939",
"length": 2157.0
},
"target": {
"function": "panfrost_mmu_map_fault_addr",
"file": "drivers/gpu/drm/panfrost/panfrost_mmu.c"
},
"id": "CVE-2024-35951-e76590da",
"signature_version": "v1",
"signature_type": "Function"
}
]