CVE-2024-46710

The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compare e) update the cursor f) unmap "a" for update At step "e" the buffer has been unmapped and the read contents is bogus.

Prevent unmapping of active read buffers by simply keeping a count of how many paths have currently active maps and unmap only when the count reaches 0.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

485d98d472d53f9617ffdfba5e677ac29ad4fe20

Fixed

58a3714db4d9dcaeb9fc4905141e17b9f536c0a5

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

485d98d472d53f9617ffdfba5e677ac29ad4fe20

Fixed

0851b1ec650adadcaa23ec96daad95a55bf966f0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

485d98d472d53f9617ffdfba5e677ac29ad4fe20

Fixed

d5228d158e4c0b1663b3983044913c15c3d0135e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

485d98d472d53f9617ffdfba5e677ac29ad4fe20

Fixed

aba07b9a0587f50e5d3346eaa19019cf3f86c0ea

Affected versions

v5.*

v5.17

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.10

v6.1.100

v6.1.101

v6.1.102

v6.1.103

v6.1.104

v6.1.105

v6.1.106

v6.1.107

v6.1.108

v6.1.109

v6.1.11

v6.1.110

v6.1.111

v6.1.112

v6.1.12

v6.1.13

v6.1.14

v6.1.15

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.2

v6.1.20

v6.1.21

v6.1.22

v6.1.23

v6.1.24

v6.1.25

v6.1.26

v6.1.27

v6.1.28

v6.1.29

v6.1.3

v6.1.30

v6.1.31

v6.1.32

v6.1.33

v6.1.34

v6.1.35

v6.1.36

v6.1.37

v6.1.38

v6.1.39

v6.1.4

v6.1.40

v6.1.41

v6.1.42

v6.1.43

v6.1.44

v6.1.45

v6.1.46

v6.1.47

v6.1.48

v6.1.49

v6.1.5

v6.1.50

v6.1.51

v6.1.52

v6.1.53

v6.1.54

v6.1.55

v6.1.56

v6.1.57

v6.1.58

v6.1.59

v6.1.6

v6.1.60

v6.1.61

v6.1.62

v6.1.63

v6.1.64

v6.1.65

v6.1.66

v6.1.67

v6.1.68

v6.1.69

v6.1.7

v6.1.70

v6.1.71

v6.1.72

v6.1.73

v6.1.74

v6.1.75

v6.1.76

v6.1.77

v6.1.78

v6.1.79

v6.1.8

v6.1.80

v6.1.81

v6.1.82

v6.1.83

v6.1.84

v6.1.85

v6.1.86

v6.1.87

v6.1.88

v6.1.89

v6.1.9

v6.1.90

v6.1.91

v6.1.92

v6.1.93

v6.1.94

v6.1.95

v6.1.96

v6.1.97

v6.1.98

v6.1.99

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.10.1

v6.10.2

v6.10.3

v6.10.4

v6.10.5

v6.10.6

v6.10.7

v6.11-rc1

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

{
    "vanir_signatures": [
        {
            "target": {
                "function": "vmw_bo_unmap",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aba07b9a0587f50e5d3346eaa19019cf3f86c0ea",
            "id": "CVE-2024-46710-01312156",
            "deprecated": false,
            "digest": {
                "length": 135.0,
                "function_hash": "69388497224851353675338781459271036615"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "function": "vmw_bo_map_and_cache_size",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aba07b9a0587f50e5d3346eaa19019cf3f86c0ea",
            "id": "CVE-2024-46710-0f4b1676",
            "deprecated": false,
            "digest": {
                "length": 441.0,
                "function_hash": "100599907121176654900666453854271050021"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "function": "vmw_bo_init",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5228d158e4c0b1663b3983044913c15c3d0135e",
            "id": "CVE-2024-46710-2260811a",
            "deprecated": false,
            "digest": {
                "length": 938.0,
                "function_hash": "336164078857770144062184924288757006175"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0851b1ec650adadcaa23ec96daad95a55bf966f0",
            "id": "CVE-2024-46710-4a7c7063",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "243251785461686692886536562006194674013",
                    "30887265825432129638805758264099260387",
                    "225683605249269573160052090760425280558",
                    "282846655047840516331823527645317326936",
                    "39302318264769077636374043955522028566",
                    "274144019191385544036023664452990431251",
                    "48258138051347723650676641592591117354",
                    "95887430753707775582108782988173936048",
                    "311482366858735193176706173382943219123",
                    "286564609000591479216895259143359065089",
                    "315653671614746477355060691982991664733",
                    "225353198404484314226646617351143642114",
                    "331399523496169778557323601987298321341",
                    "132443036242022883066814371516247786453",
                    "234595202194185923206059068500901526456"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5228d158e4c0b1663b3983044913c15c3d0135e",
            "id": "CVE-2024-46710-62e55be8",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "243251785461686692886536562006194674013",
                    "30887265825432129638805758264099260387",
                    "225683605249269573160052090760425280558",
                    "282846655047840516331823527645317326936",
                    "39302318264769077636374043955522028566",
                    "274144019191385544036023664452990431251",
                    "48258138051347723650676641592591117354",
                    "95887430753707775582108782988173936048",
                    "311482366858735193176706173382943219123",
                    "286564609000591479216895259143359065089",
                    "315653671614746477355060691982991664733",
                    "202687502076712139427260431584182324773",
                    "106097103044821794235917840067160589037",
                    "259483553206777316877821641491574978049",
                    "92965231024331324975056402682532242995"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "target": {
                "function": "vmw_bo_init",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0851b1ec650adadcaa23ec96daad95a55bf966f0",
            "id": "CVE-2024-46710-72d59957",
            "deprecated": false,
            "digest": {
                "length": 893.0,
                "function_hash": "283331127316009963408485219294848761071"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58a3714db4d9dcaeb9fc4905141e17b9f536c0a5",
            "id": "CVE-2024-46710-77f48f12",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "243251785461686692886536562006194674013",
                    "30887265825432129638805758264099260387",
                    "225683605249269573160052090760425280558",
                    "338096620413507097849090948442333965740",
                    "165659423617126673792022779582058894804",
                    "166036388222236255096235064321390069703",
                    "48258138051347723650676641592591117354",
                    "106217506912363885880114674378754296390",
                    "115692253950255852576960367738271514935",
                    "140130682279982301106594935747523315829",
                    "183828160400518731142064054619447305841",
                    "99208400168755621032958087428596316175",
                    "104528241881056321713463640016925208996",
                    "121801887182977339797417521161180746911"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "target": {
                "function": "vmw_bo_init",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aba07b9a0587f50e5d3346eaa19019cf3f86c0ea",
            "id": "CVE-2024-46710-7a35a23d",
            "deprecated": false,
            "digest": {
                "length": 938.0,
                "function_hash": "336164078857770144062184924288757006175"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aba07b9a0587f50e5d3346eaa19019cf3f86c0ea",
            "id": "CVE-2024-46710-7a586996",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "243251785461686692886536562006194674013",
                    "30887265825432129638805758264099260387",
                    "225683605249269573160052090760425280558",
                    "282846655047840516331823527645317326936",
                    "39302318264769077636374043955522028566",
                    "274144019191385544036023664452990431251",
                    "48258138051347723650676641592591117354",
                    "95887430753707775582108782988173936048",
                    "311482366858735193176706173382943219123",
                    "286564609000591479216895259143359065089",
                    "315653671614746477355060691982991664733",
                    "202687502076712139427260431584182324773",
                    "106097103044821794235917840067160589037",
                    "259483553206777316877821641491574978049",
                    "92965231024331324975056402682532242995"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "target": {
                "function": "vmw_bo_unmap",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0851b1ec650adadcaa23ec96daad95a55bf966f0",
            "id": "CVE-2024-46710-7d640822",
            "deprecated": false,
            "digest": {
                "length": 135.0,
                "function_hash": "69388497224851353675338781459271036615"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.h"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5228d158e4c0b1663b3983044913c15c3d0135e",
            "id": "CVE-2024-46710-894a13f7",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "250726935088525921285307948262699257794",
                    "205443635394292925452017601569221529979",
                    "171493048320499205926190204679467128259",
                    "77389709827922392889188850459915308534",
                    "221306409324678046749444617893381977521",
                    "251211005571952952663710519927540172687"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.h"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0851b1ec650adadcaa23ec96daad95a55bf966f0",
            "id": "CVE-2024-46710-895c63c9",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "250726935088525921285307948262699257794",
                    "205443635394292925452017601569221529979",
                    "171493048320499205926190204679467128259",
                    "245577502758184604448100486488798775465",
                    "53179790404837315023502345469794198424",
                    "329625608102520409416321595080996242448"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "target": {
                "function": "vmw_bo_unmap",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58a3714db4d9dcaeb9fc4905141e17b9f536c0a5",
            "id": "CVE-2024-46710-89ae6473",
            "deprecated": false,
            "digest": {
                "length": 108.0,
                "function_hash": "261326981196315998624495488850541489715"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "function": "vmw_bo_map_and_cache_size",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5228d158e4c0b1663b3983044913c15c3d0135e",
            "id": "CVE-2024-46710-94f03c5a",
            "deprecated": false,
            "digest": {
                "length": 441.0,
                "function_hash": "100599907121176654900666453854271050021"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "function": "vmw_bo_init",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58a3714db4d9dcaeb9fc4905141e17b9f536c0a5",
            "id": "CVE-2024-46710-95798bbf",
            "deprecated": false,
            "digest": {
                "length": 776.0,
                "function_hash": "229895211689761213652513873370177973865"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.h"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@aba07b9a0587f50e5d3346eaa19019cf3f86c0ea",
            "id": "CVE-2024-46710-acbb9c9e",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "250726935088525921285307948262699257794",
                    "205443635394292925452017601569221529979",
                    "171493048320499205926190204679467128259",
                    "77389709827922392889188850459915308534",
                    "221306409324678046749444617893381977521",
                    "251211005571952952663710519927540172687"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "target": {
                "function": "vmw_bo_unmap",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5228d158e4c0b1663b3983044913c15c3d0135e",
            "id": "CVE-2024-46710-b1c52850",
            "deprecated": false,
            "digest": {
                "length": 135.0,
                "function_hash": "69388497224851353675338781459271036615"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "function": "vmw_bo_map_and_cache",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58a3714db4d9dcaeb9fc4905141e17b9f536c0a5",
            "id": "CVE-2024-46710-bffeaad6",
            "deprecated": false,
            "digest": {
                "length": 380.0,
                "function_hash": "333133284045618351519024408879143106608"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "function": "vmw_bo_map_and_cache",
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_bo.c"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0851b1ec650adadcaa23ec96daad95a55bf966f0",
            "id": "CVE-2024-46710-c22b9525",
            "deprecated": false,
            "digest": {
                "length": 382.0,
                "function_hash": "231575064398210248361700809244801533373"
            },
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.h"
            },
            "signature_version": "v1",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@58a3714db4d9dcaeb9fc4905141e17b9f536c0a5",
            "id": "CVE-2024-46710-ec846449",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "20301775069861146706350527620754338869",
                    "288189274881051922815485038916747998631",
                    "259578879069928814622951393639289514402",
                    "32745632627206477596415373950559773394",
                    "110411971208182471625321067793737005093",
                    "127669359748971133042034155007704087239"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.19.0

Fixed

6.1.113

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.54

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.10.8