CVE-2024-58091

DMA areas are not necessarily backed by struct page, so we cannot rely on it for deferred I/O. Allocate a shadow buffer for drivers that require deferred I/O and use it as framebuffer memory.

Fixes driver errors about being "Unable to handle kernel NULL pointer dereference at virtual address" or "Unable to handle kernel paging request at virtual address".

The patch splits drmfbdevdmadriverfbdev_probe() in an initial allocation, which creates the DMA-backed buffer object, and a tail that sets up the fbdev data structures. There is a tail function for direct memory mappings and a tail function for deferred I/O with the shadow buffer.

It is no longer possible to use deferred I/O without shadow buffer. It can be re-added if there exists a reliably test for usable struct page in the allocated DMA-backed buffer object.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5ab91447aa13b8b98bc11f5326f33500b0ee2c48

Fixed

0d087de947babf7ed70029d042abcc6ed06ff415

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5ab91447aa13b8b98bc11f5326f33500b0ee2c48

Fixed

cdc581169942de3b9e2648cfbd98c5ff9111c2c8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5ab91447aa13b8b98bc11f5326f33500b0ee2c48

Fixed

3603996432997f7c88da37a97062a46cda01ac9d

Affected versions

v6.*

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.34

v6.12.35

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.13.1

v6.13.2

v6.13.3

v6.13.4

v6.13.5

v6.9

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c",
            "function": "drm_fbdev_dma_helper_fb_dirty"
        },
        "digest": {
            "length": 395.0,
            "function_hash": "94615236967181567710377068804779559458"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d087de947babf7ed70029d042abcc6ed06ff415",
        "signature_version": "v1",
        "id": "CVE-2024-58091-0df179a2"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c",
            "function": "drm_fbdev_dma_driver_fbdev_probe"
        },
        "digest": {
            "length": 2279.0,
            "function_hash": "58881136122900257218429514007342169458"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3603996432997f7c88da37a97062a46cda01ac9d",
        "signature_version": "v1",
        "id": "CVE-2024-58091-154172d8"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c"
        },
        "digest": {
            "line_hashes": [
                "320300295524139891077204117920571053570",
                "303457546395153535919988019061821950323",
                "210600500244043658547626135967694605792",
                "61984098886222207694231927591845830938",
                "214210197635080525196923651867780307493",
                "173000399705900118775241704686973656114",
                "220937341878690336961226717699266406142",
                "318630882280888969253949022386454229155",
                "110985449386465484722304992804876253654",
                "11366092006026338790315980909196871841",
                "322473243491943396871481869167176144904",
                "57939065698013033966840060924220281590",
                "186031882404911798468000617667373539272",
                "81601880776360881741030082038447041796",
                "89213440724646947688200223606444015518",
                "149827601039287454096495635638534169050",
                "144102536521727371802774769457327408585",
                "202268717853141363832645646223182201117",
                "320116403521782317901853574632471294169",
                "95405471340546872454428481986919394836",
                "320739086773964378489997912433824632074",
                "57314978476581684954626162882125099189",
                "251718039988207862484262220463594334236",
                "236566480988992676837830420867390658292",
                "9272079840922710356054025503224304820",
                "121429700695796299949016548278501740472",
                "85394101957972149896337463203596335693",
                "105099142014008520197192979964089648851",
                "303482245285285762413914046922739348770",
                "56471872306419060783024702307950284524",
                "75935869352101889958211382574837792791",
                "182866884100399177263780753198825106755",
                "27288678187878534723210210059642981609",
                "263450440127104641758666024535387893745",
                "23115769085931399036186797064665248043",
                "252959884495565938101055316322509949584",
                "105024229158567755071523104316705081786",
                "128642629909035948380606874883488803196",
                "179310261944758076543923198260801980450",
                "52891911820380624511464462336006422943",
                "232376341445025461391178074685303786851",
                "279495442377770560123192407249973479327",
                "148298830801725455998976703083267111489",
                "316570145226257638246622884989816259878",
                "47117793135968056617845745770953969095",
                "273736190784289359611076682859209128121",
                "48959864361504708607319346882980453270",
                "274264528607565822728726695320963647378",
                "41260922880145705382727268770673597522",
                "251950179138204867996734901549338954099",
                "60853594800636043230818876457889092632",
                "228501208840571082590494394201977908143",
                "68931953692482446615576497231908792747",
                "235941927992378781170219106159065127418",
                "44895501132134832367513007969735853884",
                "220917442411156144958497789833250108387",
                "224673635283038707910724209222556274467",
                "239707438854101651629095851523626035190",
                "299599358159364129274475006642600951962",
                "247604134839897905652470930200258125387",
                "15963221629138844585640129577205631005",
                "114454972343014851074818882326667534597",
                "94176709718158166010649125165968011190",
                "291586661748332180048061460905478135042",
                "190328617271921129323260820751078698144",
                "166297094204425992891491987157971506432",
                "107839997716710637127712744514026975467",
                "41582122847215346106637397386923869863",
                "52463068077513186831981010432782796771",
                "214992833299913374997289090665820258967",
                "129790044004200777174338095247492142654",
                "213183128498620099841870106095307229110",
                "171659966334914658958796948003861924036",
                "43461359082231635435672362047790376068",
                "335126710587527301783302680560316332154",
                "281384660061330420818955358076758841640",
                "188361313337520031190514271546197098830",
                "228798447455418981245978596911431783501"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3603996432997f7c88da37a97062a46cda01ac9d",
        "signature_version": "v1",
        "id": "CVE-2024-58091-31222a7e"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c",
            "function": "drm_fbdev_dma_deferred_fb_mmap"
        },
        "digest": {
            "length": 281.0,
            "function_hash": "199979090597321328168655055729246899268"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d087de947babf7ed70029d042abcc6ed06ff415",
        "signature_version": "v1",
        "id": "CVE-2024-58091-3b4024ac"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c",
            "function": "drm_fbdev_dma_driver_fbdev_probe"
        },
        "digest": {
            "length": 2279.0,
            "function_hash": "58881136122900257218429514007342169458"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d087de947babf7ed70029d042abcc6ed06ff415",
        "signature_version": "v1",
        "id": "CVE-2024-58091-6b9c3f57"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c",
            "function": "drm_fbdev_dma_helper_fb_dirty"
        },
        "digest": {
            "length": 395.0,
            "function_hash": "94615236967181567710377068804779559458"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cdc581169942de3b9e2648cfbd98c5ff9111c2c8",
        "signature_version": "v1",
        "id": "CVE-2024-58091-932bfa75"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c",
            "function": "drm_fbdev_dma_helper_fb_dirty"
        },
        "digest": {
            "length": 395.0,
            "function_hash": "94615236967181567710377068804779559458"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3603996432997f7c88da37a97062a46cda01ac9d",
        "signature_version": "v1",
        "id": "CVE-2024-58091-a81be766"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c"
        },
        "digest": {
            "line_hashes": [
                "320300295524139891077204117920571053570",
                "303457546395153535919988019061821950323",
                "210600500244043658547626135967694605792",
                "61984098886222207694231927591845830938",
                "214210197635080525196923651867780307493",
                "173000399705900118775241704686973656114",
                "220937341878690336961226717699266406142",
                "318630882280888969253949022386454229155",
                "110985449386465484722304992804876253654",
                "11366092006026338790315980909196871841",
                "322473243491943396871481869167176144904",
                "57939065698013033966840060924220281590",
                "186031882404911798468000617667373539272",
                "81601880776360881741030082038447041796",
                "89213440724646947688200223606444015518",
                "149827601039287454096495635638534169050",
                "144102536521727371802774769457327408585",
                "202268717853141363832645646223182201117",
                "320116403521782317901853574632471294169",
                "95405471340546872454428481986919394836",
                "320739086773964378489997912433824632074",
                "57314978476581684954626162882125099189",
                "251718039988207862484262220463594334236",
                "236566480988992676837830420867390658292",
                "9272079840922710356054025503224304820",
                "121429700695796299949016548278501740472",
                "85394101957972149896337463203596335693",
                "105099142014008520197192979964089648851",
                "303482245285285762413914046922739348770",
                "56471872306419060783024702307950284524",
                "75935869352101889958211382574837792791",
                "182866884100399177263780753198825106755",
                "27288678187878534723210210059642981609",
                "263450440127104641758666024535387893745",
                "23115769085931399036186797064665248043",
                "252959884495565938101055316322509949584",
                "105024229158567755071523104316705081786",
                "128642629909035948380606874883488803196",
                "179310261944758076543923198260801980450",
                "52891911820380624511464462336006422943",
                "232376341445025461391178074685303786851",
                "279495442377770560123192407249973479327",
                "148298830801725455998976703083267111489",
                "316570145226257638246622884989816259878",
                "47117793135968056617845745770953969095",
                "273736190784289359611076682859209128121",
                "48959864361504708607319346882980453270",
                "274264528607565822728726695320963647378",
                "41260922880145705382727268770673597522",
                "251950179138204867996734901549338954099",
                "60853594800636043230818876457889092632",
                "228501208840571082590494394201977908143",
                "68931953692482446615576497231908792747",
                "235941927992378781170219106159065127418",
                "44895501132134832367513007969735853884",
                "220917442411156144958497789833250108387",
                "224673635283038707910724209222556274467",
                "239707438854101651629095851523626035190",
                "299599358159364129274475006642600951962",
                "247604134839897905652470930200258125387",
                "15963221629138844585640129577205631005",
                "114454972343014851074818882326667534597",
                "94176709718158166010649125165968011190",
                "291586661748332180048061460905478135042",
                "190328617271921129323260820751078698144",
                "166297094204425992891491987157971506432",
                "107839997716710637127712744514026975467",
                "41582122847215346106637397386923869863",
                "52463068077513186831981010432782796771",
                "214992833299913374997289090665820258967",
                "129790044004200777174338095247492142654",
                "213183128498620099841870106095307229110",
                "171659966334914658958796948003861924036",
                "43461359082231635435672362047790376068",
                "335126710587527301783302680560316332154",
                "281384660061330420818955358076758841640",
                "188361313337520031190514271546197098830",
                "228798447455418981245978596911431783501"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cdc581169942de3b9e2648cfbd98c5ff9111c2c8",
        "signature_version": "v1",
        "id": "CVE-2024-58091-b2a1c44d"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c"
        },
        "digest": {
            "line_hashes": [
                "300761210362620434125112299118637828194",
                "303457546395153535919988019061821950323",
                "210600500244043658547626135967694605792",
                "61984098886222207694231927591845830938",
                "214210197635080525196923651867780307493",
                "173000399705900118775241704686973656114",
                "220937341878690336961226717699266406142",
                "318630882280888969253949022386454229155",
                "110985449386465484722304992804876253654",
                "11366092006026338790315980909196871841",
                "322473243491943396871481869167176144904",
                "57939065698013033966840060924220281590",
                "186031882404911798468000617667373539272",
                "81601880776360881741030082038447041796",
                "89213440724646947688200223606444015518",
                "149827601039287454096495635638534169050",
                "144102536521727371802774769457327408585",
                "202268717853141363832645646223182201117",
                "320116403521782317901853574632471294169",
                "95405471340546872454428481986919394836",
                "320739086773964378489997912433824632074",
                "57314978476581684954626162882125099189",
                "251718039988207862484262220463594334236",
                "252805842819149455045201627118218182696",
                "268769686294263029054798466182329342101",
                "119977598482722008269552472061593544272",
                "162315647728577880085141378727805269372",
                "77910455696732440249260053500872268080",
                "251562012273698024315897196450734594008",
                "51323596584199551837866673699472317417",
                "61360266644289263971353792632166468618",
                "85394101957972149896337463203596335693",
                "105099142014008520197192979964089648851",
                "303482245285285762413914046922739348770",
                "56471872306419060783024702307950284524",
                "123617532920050648778203200143545504677",
                "182866884100399177263780753198825106755",
                "27288678187878534723210210059642981609",
                "263450440127104641758666024535387893745",
                "23115769085931399036186797064665248043",
                "252959884495565938101055316322509949584",
                "105024229158567755071523104316705081786",
                "128642629909035948380606874883488803196",
                "179310261944758076543923198260801980450",
                "52891911820380624511464462336006422943",
                "232376341445025461391178074685303786851",
                "279495442377770560123192407249973479327",
                "148298830801725455998976703083267111489",
                "316570145226257638246622884989816259878",
                "47117793135968056617845745770953969095",
                "273736190784289359611076682859209128121",
                "48959864361504708607319346882980453270",
                "274264528607565822728726695320963647378",
                "41260922880145705382727268770673597522",
                "251950179138204867996734901549338954099",
                "60853594800636043230818876457889092632",
                "228501208840571082590494394201977908143",
                "68931953692482446615576497231908792747",
                "235941927992378781170219106159065127418",
                "44895501132134832367513007969735853884",
                "220917442411156144958497789833250108387",
                "224673635283038707910724209222556274467",
                "239707438854101651629095851523626035190",
                "299599358159364129274475006642600951962",
                "247604134839897905652470930200258125387",
                "15963221629138844585640129577205631005",
                "114454972343014851074818882326667534597",
                "94176709718158166010649125165968011190",
                "291586661748332180048061460905478135042",
                "190328617271921129323260820751078698144",
                "166297094204425992891491987157971506432",
                "107839997716710637127712744514026975467",
                "41582122847215346106637397386923869863",
                "52463068077513186831981010432782796771",
                "214992833299913374997289090665820258967",
                "129790044004200777174338095247492142654",
                "213183128498620099841870106095307229110",
                "171659966334914658958796948003861924036",
                "43461359082231635435672362047790376068",
                "335126710587527301783302680560316332154",
                "281384660061330420818955358076758841640",
                "188361313337520031190514271546197098830",
                "228798447455418981245978596911431783501"
            ],
            "threshold": 0.9
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0d087de947babf7ed70029d042abcc6ed06ff415",
        "signature_version": "v1",
        "id": "CVE-2024-58091-bd245b77"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c",
            "function": "drm_fbdev_dma_deferred_fb_mmap"
        },
        "digest": {
            "length": 281.0,
            "function_hash": "199979090597321328168655055729246899268"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3603996432997f7c88da37a97062a46cda01ac9d",
        "signature_version": "v1",
        "id": "CVE-2024-58091-d370737f"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c",
            "function": "drm_fbdev_dma_driver_fbdev_probe"
        },
        "digest": {
            "length": 2279.0,
            "function_hash": "58881136122900257218429514007342169458"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cdc581169942de3b9e2648cfbd98c5ff9111c2c8",
        "signature_version": "v1",
        "id": "CVE-2024-58091-d44c2f23"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/gpu/drm/drm_fbdev_dma.c",
            "function": "drm_fbdev_dma_deferred_fb_mmap"
        },
        "digest": {
            "length": 281.0,
            "function_hash": "199979090597321328168655055729246899268"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cdc581169942de3b9e2648cfbd98c5ff9111c2c8",
        "signature_version": "v1",
        "id": "CVE-2024-58091-e3366550"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.11.0

Fixed

6.12.36

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.6