{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35810", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T12:19:12.342Z", "datePublished": "2024-05-17T13:23:16.829Z", "dateUpdated": "2024-09-11T17:32:51.914Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:29:24.163Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix the lifetime of the bo cursor memory\n\nThe cleanup can be dispatched while the atomic update is still active,\nwhich means that the memory acquired in the atomic update needs to\nnot be invalidated by the cleanup. The buffer objects in vmw_plane_state\ninstead of using the builtin map_and_cache were trying to handle\nthe lifetime of the mapped memory themselves, leading to crashes.\n\nUse the map_and_cache instead of trying to manage the lifetime of the\nbuffer objects held by the vmw_plane_state.\n\nFixes kernel oops'es in IGT's kms_cursor_legacy forked-bo."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"], "versions": [{"version": "bb6780aa5a1d", "lessThan": "86cb706a40b7", "status": "affected", "versionType": "git"}, {"version": "bb6780aa5a1d", "lessThan": "104a5b2772bc", "status": "affected", "versionType": "git"}, {"version": "bb6780aa5a1d", "lessThan": "ed381800ea6d", "status": "affected", "versionType": "git"}, {"version": "bb6780aa5a1d", "lessThan": "9a9e8a7159ca", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"], "versions": [{"version": "6.2", "status": "affected"}, {"version": "0", "lessThan": "6.2", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d"}, {"url": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c"}, {"url": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae"}, {"url": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76"}], "title": "drm/vmwgfx: Fix the lifetime of the bo cursor memory", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.494Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35810", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:42:38.486904Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:51.914Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.494Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35810", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:42:38.486904Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:13.136Z"}}], "cna": {"title": "drm/vmwgfx: Fix the lifetime of the bo cursor memory", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "bb6780aa5a1d", "lessThan": "86cb706a40b7", "versionType": "git"}, {"status": "affected", "version": "bb6780aa5a1d", "lessThan": "104a5b2772bc", "versionType": "git"}, {"status": "affected", "version": "bb6780aa5a1d", "lessThan": "ed381800ea6d", "versionType": "git"}, {"status": "affected", "version": "bb6780aa5a1d", "lessThan": "9a9e8a7159ca", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.2"}, {"status": "unaffected", "version": "0", "lessThan": "6.2", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.24", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d"}, {"url": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c"}, {"url": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae"}, {"url": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix the lifetime of the bo cursor memory\n\nThe cleanup can be dispatched while the atomic update is still active,\nwhich means that the memory acquired in the atomic update needs to\nnot be invalidated by the cleanup. The buffer objects in vmw_plane_state\ninstead of using the builtin map_and_cache were trying to handle\nthe lifetime of the mapped memory themselves, leading to crashes.\n\nUse the map_and_cache instead of trying to manage the lifetime of the\nbuffer objects held by the vmw_plane_state.\n\nFixes kernel oops'es in IGT's kms_cursor_legacy forked-bo."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:29:24.163Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35810", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:32:51.914Z", "dateReserved": "2024-05-17T12:19:12.342Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T13:23:16.829Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix the lifetime of the bo cursor memory\n\nThe cleanup can be dispatched while the atomic update is still active,\nwhich means that the memory acquired in the atomic update needs to\nnot be invalidated by the cleanup. The buffer objects in vmw_plane_state\ninstead of using the builtin map_and_cache were trying to handle\nthe lifetime of the mapped memory themselves, leading to crashes.\n\nUse the map_and_cache instead of trying to manage the lifetime of the\nbuffer objects held by the vmw_plane_state.\n\nFixes kernel oops'es in IGT's kms_cursor_legacy forked-bo."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/vmwgfx: corregida la vida \u00fatil de la memoria del cursor bo. La sanitizaci\u00f3n se puede realizar mientras la actualizaci\u00f3n at\u00f3mica a\u00fan est\u00e1 activa, lo que significa que la memoria adquirida en la actualizaci\u00f3n at\u00f3mica no necesita ser invalidado por la limpieza. Los objetos del b\u00fafer en vmw_plane_state, en lugar de utilizar el map_and_cache incorporado, intentaban manejar ellos mismos la vida \u00fatil de la memoria asignada, lo que provocaba fallos. Utilice map_and_cache en lugar de intentar administrar la vida \u00fatil de los objetos del b\u00fafer retenidos por vmw_plane_state. Corrige los errores del kernel en kms_cursor_legacy forked-bo de IGT."}], "id": "CVE-2024-35810", "lastModified": "2024-05-17T18:35:35.070", "metrics": {}, "published": "2024-05-17T14:15:14.970", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}], "bugzilla": {"description": "kernel: drm/vmwgfx: Fix the lifetime of the bo cursor memory", "id": "2281215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281215"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/vmwgfx: Fix the lifetime of the bo cursor memory\nThe cleanup can be dispatched while the atomic update is still active,\nwhich means that the memory acquired in the atomic update needs to\nnot be invalidated by the cleanup. The buffer objects in vmw_plane_state\ninstead of using the builtin map_and_cache were trying to handle\nthe lifetime of the mapped memory themselves, leading to crashes.\nUse the map_and_cache instead of trying to manage the lifetime of the\nbuffer objects held by the vmw_plane_state.\nFixes kernel oops'es in IGT's kms_cursor_legacy forked-bo.", "A vulnerability was found in the drm/vmwgfx driver in the Linux kernel, concerning the lifetime management of the buffer object (BO) cursor memory. This issue occurs due to improper handling of the cursor memory's lifecycle, which could lead to use-after-free errors or crashes."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35810", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35810\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35810\nhttps://lore.kernel.org/linux-cve-announce/2024051741-CVE-2024-35810-1b33@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.24, kernel 6.7.12, kernel 6.8.3, kernel 6.9"}