CVE-2024-36018

opremap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a 0000000000000000 opremap: next: opremap: unmap: 0000003fffed0000 0000000000100000 0 opmap: map: 0000003ffffc0000 0000000000010000 000000005b1ba33c 00000000000e0000

This was resulting in an unmap operation from 0x3fffed0000+0xf0000, 0x100000 which was corrupting the pagetables and oopsing the kernel.

Fixes the prev + unmap range calcs to use start/end and map back to addr/range.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b88baab828713ce0b49b185444b2ee83bed373a8

Fixed

692a51bebf4552bdf0a79ccd68d291182a26a569

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b88baab828713ce0b49b185444b2ee83bed373a8

Fixed

0c16020d2b69a602c8ae6a1dd2aac9a3023249d6

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b88baab828713ce0b49b185444b2ee83bed373a8

Fixed

be141849ec00ef39935bf169c0f194ac70bf85ce

Affected versions

v6.*

v6.5

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.8.1

v6.8.2

v6.8.3

v6.8.4

v6.9-rc1

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c16020d2b69a602c8ae6a1dd2aac9a3023249d6",
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nouveau_uvmm.c"
        },
        "digest": {
            "line_hashes": [
                "30533978220419342389093878513314807048",
                "87151622145012051207763263066482291026",
                "53912690167726442221876815430034837757",
                "45647324585837311624075191471654822177",
                "86092553353695879718254959290277816083",
                "203854916431530561231187830788564997741",
                "48390605593514241356615008574515551468",
                "50770395516395054621763659702625530992",
                "123905375275611731316717070908407515777"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2024-36018-27637f74"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be141849ec00ef39935bf169c0f194ac70bf85ce",
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nouveau_uvmm.c"
        },
        "digest": {
            "line_hashes": [
                "30533978220419342389093878513314807048",
                "87151622145012051207763263066482291026",
                "53912690167726442221876815430034837757",
                "45647324585837311624075191471654822177",
                "86092553353695879718254959290277816083",
                "203854916431530561231187830788564997741",
                "48390605593514241356615008574515551468",
                "50770395516395054621763659702625530992",
                "123905375275611731316717070908407515777"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2024-36018-8b97d39a"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@692a51bebf4552bdf0a79ccd68d291182a26a569",
        "signature_version": "v1",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nouveau_uvmm.c"
        },
        "digest": {
            "line_hashes": [
                "30533978220419342389093878513314807048",
                "87151622145012051207763263066482291026",
                "53912690167726442221876815430034837757",
                "45647324585837311624075191471654822177",
                "86092553353695879718254959290277816083",
                "203854916431530561231187830788564997741",
                "48390605593514241356615008574515551468",
                "50770395516395054621763659702625530992",
                "123905375275611731316717070908407515777"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2024-36018-a169c606"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.6.0

Fixed

6.6.26

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.8.5