CVE-2024-26979

May 1, 2024, 1:02 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix possible null pointer derefence with invalid contexts vmw_context_cotable can return either an error or a null pointer and its usage sometimes went unchecked. Subsequent code would then try to access either a null pointer or an error value. The invalid dereferences were only possible with malformed userspace apps which never properly initialized the rendering contexts. Check the results of vmw_context_cotable to fix the invalid derefs. Thanks: ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab who was the first person to discover it. Niels De Graef who reported it and helped to track down the poc.

Product(s) Impacted

Product Versions
Linux kernel

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/07c3fe923ff7eccf684fb4f8c953d0a7cc8ded73
https://git.kernel.org/stable/c/517621b7060096e48e42f545fa6646fc00252eac
https://git.kernel.org/stable/c/585fec7361e7850bead21fada49a7fcde2f2e791
https://git.kernel.org/stable/c/899e154f9546fcae18065d74064889d08fff62c2
https://git.kernel.org/stable/c/9cb3755b1e3680b720b74dbedfac889e904605c7
https://git.kernel.org/stable/c/c560327d900bab968c2e1b4cd7fa2d46cd429e3d
https://git.kernel.org/stable/c/ff41e0d4f3fa10d7cdd7d40f8026bea9fcc8b000

Tags

2024-05-01
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVE-2024-26979

Timeline

Published: May 1, 2024, 6:15 a.m.
Last Modified: May 1, 2024, 1:02 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.