CVE-2024-36960

high

Published 2024-11-12 · Modified 2024-08-08

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description kernel: drm/vmwgfx: Fix invalid reads in fence signaled events CVSS v3: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:51022024-08-08T00:00:00Z Red Hat Enterprise Linux 8kernel-0:4.18.0-553.16.1.el8_10RHSA-2024:51012024-08-08T00:00:00Z Red Hat…

Description

kernel: drm/vmwgfx: Fix invalid reads in fence signaled events

CVSS v3: 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10`	RHSA-2024:5102	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 8	`kernel-0:4.18.0-553.16.1.el8_10`	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-503.11.1.el9_5`	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-503.11.1.el9_5`	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`kernel-0:5.14.0-284.77.1.el9_2`	RHSA-2024:5066	2024-08-07T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`kernel-rt-0:5.14.0-284.77.1.rt14.362.el9_2`	RHSA-2024:5067	2024-08-07T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support	`kernel-0:5.14.0-427.47.1.el9_4`	RHSA-2024:10771	2024-12-04T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 10	`kernel`	Not affected
Red Hat Enterprise Linux 6	`kernel`	Out of support scope
Red Hat Enterprise Linux 7	`kernel`	Out of support scope
Red Hat Enterprise Linux 7	`kernel-rt`	Out of support scope
Red Hat Enterprise Linux 9	`kernel-rt`	Affected

Apply commands

bash fix

Apply RHSA-2024:5102 for Red Hat Enterprise Linux 8

yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 10	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Affected`

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

AlmaLinux Fixed 1 release

Version	Status	Fixed in
8	Fixed	`kernel-doc-4.18.0-553.16.1.el8_10.noarch.rpm`

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`6.8.11-1`
sid	Fixed	`6.8.11-1`
forky	Fixed	`6.8.11-1`
bullseye	Fixed	`5.10.218-1`
bookworm	Fixed	`6.1.94-1`

Red Hat Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

Rocky Linux Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.