CVE-2024-36018

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-36018
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36018.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-36018
Downstream
Related
Published
2024-05-30T14:59:42.091Z
Modified
2025-11-20T04:29:48.524925Z
Summary
nouveau/uvmm: fix addr/range calcs for remap operations
Details

In the Linux kernel, the following vulnerability has been resolved:

nouveau/uvmm: fix addr/range calcs for remap operations

dEQP-VK.sparseresources.imagerebind.2darray.r64i.128128_8 was causing a remap operation like the below.

opremap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a 0000000000000000 opremap: next: opremap: unmap: 0000003fffed0000 0000000000100000 0 opmap: map: 0000003ffffc0000 0000000000010000 000000005b1ba33c 00000000000e0000

This was resulting in an unmap operation from 0x3fffed0000+0xf0000, 0x100000 which was corrupting the pagetables and oopsing the kernel.

Fixes the prev + unmap range calcs to use start/end and map back to addr/range.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b88baab828713ce0b49b185444b2ee83bed373a8
Fixed
692a51bebf4552bdf0a79ccd68d291182a26a569
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b88baab828713ce0b49b185444b2ee83bed373a8
Fixed
0c16020d2b69a602c8ae6a1dd2aac9a3023249d6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b88baab828713ce0b49b185444b2ee83bed373a8
Fixed
be141849ec00ef39935bf169c0f194ac70bf85ce

Affected versions

v6.*

v6.5
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
v6.9-rc1

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "30533978220419342389093878513314807048",
                "87151622145012051207763263066482291026",
                "53912690167726442221876815430034837757",
                "45647324585837311624075191471654822177",
                "86092553353695879718254959290277816083",
                "203854916431530561231187830788564997741",
                "48390605593514241356615008574515551468",
                "50770395516395054621763659702625530992",
                "123905375275611731316717070908407515777"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0c16020d2b69a602c8ae6a1dd2aac9a3023249d6",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nouveau_uvmm.c"
        },
        "id": "CVE-2024-36018-27637f74"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "30533978220419342389093878513314807048",
                "87151622145012051207763263066482291026",
                "53912690167726442221876815430034837757",
                "45647324585837311624075191471654822177",
                "86092553353695879718254959290277816083",
                "203854916431530561231187830788564997741",
                "48390605593514241356615008574515551468",
                "50770395516395054621763659702625530992",
                "123905375275611731316717070908407515777"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be141849ec00ef39935bf169c0f194ac70bf85ce",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nouveau_uvmm.c"
        },
        "id": "CVE-2024-36018-8b97d39a"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "30533978220419342389093878513314807048",
                "87151622145012051207763263066482291026",
                "53912690167726442221876815430034837757",
                "45647324585837311624075191471654822177",
                "86092553353695879718254959290277816083",
                "203854916431530561231187830788564997741",
                "48390605593514241356615008574515551468",
                "50770395516395054621763659702625530992",
                "123905375275611731316717070908407515777"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@692a51bebf4552bdf0a79ccd68d291182a26a569",
        "target": {
            "file": "drivers/gpu/drm/nouveau/nouveau_uvmm.c"
        },
        "id": "CVE-2024-36018-a169c606"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.26
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.5