SB20240531460 - NULL pointer dereference in Linux kernel drm vmwgfx driver
Published: May 31, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240531460
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2024-26979)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vmw_resource_context_res_add(), vmw_cmd_dx_define_query(), vmw_cmd_dx_view_define(), vmw_cmd_dx_so_define(), vmw_cmd_dx_define_shader() and vmw_cmd_dx_define_streamoutput() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/c560327d900bab968c2e1b4cd7fa2d46cd429e3d
- https://git.kernel.org/stable/c/899e154f9546fcae18065d74064889d08fff62c2
- https://git.kernel.org/stable/c/07c3fe923ff7eccf684fb4f8c953d0a7cc8ded73
- https://git.kernel.org/stable/c/ff41e0d4f3fa10d7cdd7d40f8026bea9fcc8b000
- https://git.kernel.org/stable/c/9cb3755b1e3680b720b74dbedfac889e904605c7
- https://git.kernel.org/stable/c/585fec7361e7850bead21fada49a7fcde2f2e791
- https://git.kernel.org/stable/c/517621b7060096e48e42f545fa6646fc00252eac
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3