CVE-2024-42261

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-42261
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42261.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-42261
Downstream
Published
2024-08-17T08:54:18Z
Modified
2025-10-15T13:08:53.679580Z
Summary
drm/v3d: Validate passed in drm syncobj handles in the timestamp extension
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Validate passed in drm syncobj handles in the timestamp extension

If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well.

Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind.

(cherry picked from commit 8d1276d1b8f738c3afe1457d4dff5cc66fc848a3)

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9ba0ff3e083f6a4a0b6698f06bfff74805fefa5f
Fixed
5c56f104edd02a537e9327dc543574e55713e1d7
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9ba0ff3e083f6a4a0b6698f06bfff74805fefa5f
Fixed
023d22e8bb0cdd6900382ad1ed06df3b6c2ea791

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.7
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1250.0,
                "function_hash": "159694672240166661925394686362249513003"
            },
            "target": {
                "function": "v3d_get_cpu_timestamp_query_params",
                "file": "drivers/gpu/drm/v3d/v3d_submit.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@023d22e8bb0cdd6900382ad1ed06df3b6c2ea791",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-42261-0ebb5324"
        },
        {
            "digest": {
                "line_hashes": [
                    "280462491379853070409157432734834485471",
                    "298819278172272916945053566018862672759",
                    "115384760955742646006957280550483458458",
                    "339281526510043414781740376073065667580",
                    "280462491379853070409157432734834485471",
                    "298819278172272916945053566018862672759",
                    "289295145001945898769480406431416967004",
                    "175699454314068204302714178145306295633",
                    "280462491379853070409157432734834485471",
                    "298819278172272916945053566018862672759",
                    "19527607376558514829827490150716751680",
                    "273696792859770243115943858546988458869"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/gpu/drm/v3d/v3d_submit.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c56f104edd02a537e9327dc543574e55713e1d7",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-42261-3c7d47c8"
        },
        {
            "digest": {
                "length": 1476.0,
                "function_hash": "267871282501241898535953037121227932241"
            },
            "target": {
                "function": "v3d_get_cpu_copy_query_results_params",
                "file": "drivers/gpu/drm/v3d/v3d_submit.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@023d22e8bb0cdd6900382ad1ed06df3b6c2ea791",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-42261-5a5d84cf"
        },
        {
            "digest": {
                "length": 1476.0,
                "function_hash": "267871282501241898535953037121227932241"
            },
            "target": {
                "function": "v3d_get_cpu_copy_query_results_params",
                "file": "drivers/gpu/drm/v3d/v3d_submit.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c56f104edd02a537e9327dc543574e55713e1d7",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-42261-73a0fbc6"
        },
        {
            "digest": {
                "length": 1112.0,
                "function_hash": "295895480946786079565680837652976159319"
            },
            "target": {
                "function": "v3d_get_cpu_reset_timestamp_params",
                "file": "drivers/gpu/drm/v3d/v3d_submit.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c56f104edd02a537e9327dc543574e55713e1d7",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-42261-84da4120"
        },
        {
            "digest": {
                "length": 1112.0,
                "function_hash": "295895480946786079565680837652976159319"
            },
            "target": {
                "function": "v3d_get_cpu_reset_timestamp_params",
                "file": "drivers/gpu/drm/v3d/v3d_submit.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@023d22e8bb0cdd6900382ad1ed06df3b6c2ea791",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-42261-9f88e0d2"
        },
        {
            "digest": {
                "line_hashes": [
                    "280462491379853070409157432734834485471",
                    "298819278172272916945053566018862672759",
                    "115384760955742646006957280550483458458",
                    "339281526510043414781740376073065667580",
                    "280462491379853070409157432734834485471",
                    "298819278172272916945053566018862672759",
                    "289295145001945898769480406431416967004",
                    "175699454314068204302714178145306295633",
                    "280462491379853070409157432734834485471",
                    "298819278172272916945053566018862672759",
                    "19527607376558514829827490150716751680",
                    "273696792859770243115943858546988458869"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "drivers/gpu/drm/v3d/v3d_submit.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@023d22e8bb0cdd6900382ad1ed06df3b6c2ea791",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-42261-cddba3e3"
        },
        {
            "digest": {
                "length": 1250.0,
                "function_hash": "159694672240166661925394686362249513003"
            },
            "target": {
                "function": "v3d_get_cpu_timestamp_query_params",
                "file": "drivers/gpu/drm/v3d/v3d_submit.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5c56f104edd02a537e9327dc543574e55713e1d7",
            "deprecated": false,
            "signature_version": "v1",
            "id": "CVE-2024-42261-e24d0625"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.10.4