{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35786", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T12:19:12.338Z", "datePublished": "2024-05-17T12:24:31.510Z", "dateUpdated": "2024-12-19T08:55:08.907Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:55:08.907Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf\n\nIf VM_BIND is enabled on the client the legacy submission ioctl can't be\nused, however if a client tries to do so regardless it will return an\nerror. In this case the clients mutex remained unlocked leading to a\ndeadlock inside nouveau_drm_postclose or any other nouveau ioctl call."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/nouveau/nouveau_gem.c"], "versions": [{"version": "b88baab828713ce0b49b185444b2ee83bed373a8", "lessThan": "c288a61a48ddb77ec097e11ab81b81027cd4e197", "status": "affected", "versionType": "git"}, {"version": "b88baab828713ce0b49b185444b2ee83bed373a8", "lessThan": "b466416bdd6ecbde15ce987226ea633a0268fbb1", "status": "affected", "versionType": "git"}, {"version": "b88baab828713ce0b49b185444b2ee83bed373a8", "lessThan": "daf8739c3322a762ce84f240f50e0c39181a41ab", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/nouveau/nouveau_gem.c"], "versions": [{"version": "6.6", "status": "affected"}, {"version": "0", "lessThan": "6.6", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c288a61a48ddb77ec097e11ab81b81027cd4e197"}, {"url": "https://git.kernel.org/stable/c/b466416bdd6ecbde15ce987226ea633a0268fbb1"}, {"url": "https://git.kernel.org/stable/c/daf8739c3322a762ce84f240f50e0c39181a41ab"}], "title": "drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:39:26.855880Z", "id": "CVE-2024-35786", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:43:31.179Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.350Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c288a61a48ddb77ec097e11ab81b81027cd4e197", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b466416bdd6ecbde15ce987226ea633a0268fbb1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/daf8739c3322a762ce84f240f50e0c39181a41ab", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c288a61a48ddb77ec097e11ab81b81027cd4e197", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b466416bdd6ecbde15ce987226ea633a0268fbb1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/daf8739c3322a762ce84f240f50e0c39181a41ab", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.350Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35786", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:39:26.855880Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:39:27.811Z"}}], "cna": {"title": "drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b88baab828713ce0b49b185444b2ee83bed373a8", "lessThan": "c288a61a48ddb77ec097e11ab81b81027cd4e197", "versionType": "git"}, {"status": "affected", "version": "b88baab828713ce0b49b185444b2ee83bed373a8", "lessThan": "b466416bdd6ecbde15ce987226ea633a0268fbb1", "versionType": "git"}, {"status": "affected", "version": "b88baab828713ce0b49b185444b2ee83bed373a8", "lessThan": "daf8739c3322a762ce84f240f50e0c39181a41ab", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/nouveau/nouveau_gem.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.6"}, {"status": "unaffected", "version": "0", "lessThan": "6.6", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/nouveau/nouveau_gem.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c288a61a48ddb77ec097e11ab81b81027cd4e197"}, {"url": "https://git.kernel.org/stable/c/b466416bdd6ecbde15ce987226ea633a0268fbb1"}, {"url": "https://git.kernel.org/stable/c/daf8739c3322a762ce84f240f50e0c39181a41ab"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf\n\nIf VM_BIND is enabled on the client the legacy submission ioctl can't be\nused, however if a client tries to do so regardless it will return an\nerror. In this case the clients mutex remained unlocked leading to a\ndeadlock inside nouveau_drm_postclose or any other nouveau ioctl call."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:55:08.907Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35786", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:55:08.907Z", "dateReserved": "2024-05-17T12:19:12.338Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T12:24:31.510Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A32A237-A8EE-4654-9BB7-94C95ED898F1", "versionEndExcluding": "6.6.24", "versionStartIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53", "versionEndExcluding": "6.7.12", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*", "matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf\n\nIf VM_BIND is enabled on the client the legacy submission ioctl can't be\nused, however if a client tries to do so regardless it will return an\nerror. In this case the clients mutex remained unlocked leading to a\ndeadlock inside nouveau_drm_postclose or any other nouveau ioctl call."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/nouveau: corrige el mutex bloqueado obsoleto en nouveau_gem_ioctl_pushbuf. Si VM_BIND est\u00e1 habilitado en el cliente, el ioctl de env\u00edo heredado no se puede usar; sin embargo, si un cliente intenta hacerlo independientemente, lo har\u00e1. devolver un error. En este caso, el mutex del cliente permaneci\u00f3 desbloqueado, lo que provoc\u00f3 un punto muerto dentro de nouveau_drm_postclose o cualquier otra llamada nouveau ioctl."}], "id": "CVE-2024-35786", "lastModified": "2025-01-10T18:10:34.873", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T13:15:58.490", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b466416bdd6ecbde15ce987226ea633a0268fbb1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c288a61a48ddb77ec097e11ab81b81027cd4e197"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/daf8739c3322a762ce84f240f50e0c39181a41ab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b466416bdd6ecbde15ce987226ea633a0268fbb1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c288a61a48ddb77ec097e11ab81b81027cd4e197"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/daf8739c3322a762ce84f240f50e0c39181a41ab"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf", "id": "2281063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281063"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf\nIf VM_BIND is enabled on the client the legacy submission ioctl can't be\nused, however if a client tries to do so regardless it will return an\nerror. In this case the clients mutex remained unlocked leading to a\ndeadlock inside nouveau_drm_postclose or any other nouveau ioctl call."], "name": "CVE-2024-35786", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35786\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35786\nhttps://lore.kernel.org/linux-cve-announce/2024051707-CVE-2024-35786-0d93@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.24, kernel 6.7.12, kernel 6.8"}