{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-35951", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.135Z", "datePublished": "2024-05-20T09:41:45.999Z", "dateUpdated": "2025-05-04T09:09:05.371Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:09:05.371Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()\n\nSubject: [PATCH] drm/panfrost: Fix the error path in\n panfrost_mmu_map_fault_addr()\n\nIf some the pages or sgt allocation failed, we shouldn't release the\npages ref we got earlier, otherwise we will end up with unbalanced\nget/put_pages() calls. We should instead leave everything in place\nand let the BO release function deal with extra cleanup when the object\nis destroyed, or let the fault handler try again next time it's called."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/panfrost/panfrost_mmu.c"], "versions": [{"version": "187d2929206e6b098312c174ea873e4cedf5420d", "lessThan": "31806711e8a4b75e09b1c43652f2a6420e6e1002", "status": "affected", "versionType": "git"}, {"version": "187d2929206e6b098312c174ea873e4cedf5420d", "lessThan": "e18070c622c63f0cab170348e320454728c277aa", "status": "affected", "versionType": "git"}, {"version": "187d2929206e6b098312c174ea873e4cedf5420d", "lessThan": "1fc9af813b25e146d3607669247d0f970f5a87c3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/panfrost/panfrost_mmu.c"], "versions": [{"version": "5.4", "status": "affected"}, {"version": "0", "lessThan": "5.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.28", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.7", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.6.28"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.8.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/31806711e8a4b75e09b1c43652f2a6420e6e1002"}, {"url": "https://git.kernel.org/stable/c/e18070c622c63f0cab170348e320454728c277aa"}, {"url": "https://git.kernel.org/stable/c/1fc9af813b25e146d3607669247d0f970f5a87c3"}], "title": "drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35951", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T19:20:08.650498Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:35.617Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.983Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/31806711e8a4b75e09b1c43652f2a6420e6e1002", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e18070c622c63f0cab170348e320454728c277aa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1fc9af813b25e146d3607669247d0f970f5a87c3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/30/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/30/1", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/31806711e8a4b75e09b1c43652f2a6420e6e1002", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e18070c622c63f0cab170348e320454728c277aa", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1fc9af813b25e146d3607669247d0f970f5a87c3", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/30/2", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/05/30/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.983Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35951", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T19:20:08.650498Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:20:13.671Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "187d2929206e6b098312c174ea873e4cedf5420d", "lessThan": "31806711e8a4b75e09b1c43652f2a6420e6e1002", "versionType": "git"}, {"status": "affected", "version": "187d2929206e6b098312c174ea873e4cedf5420d", "lessThan": "e18070c622c63f0cab170348e320454728c277aa", "versionType": "git"}, {"status": "affected", "version": "187d2929206e6b098312c174ea873e4cedf5420d", "lessThan": "1fc9af813b25e146d3607669247d0f970f5a87c3", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/panfrost/panfrost_mmu.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.4"}, {"status": "unaffected", "version": "0", "lessThan": "5.4", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.28", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.7", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/panfrost/panfrost_mmu.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/31806711e8a4b75e09b1c43652f2a6420e6e1002"}, {"url": "https://git.kernel.org/stable/c/e18070c622c63f0cab170348e320454728c277aa"}, {"url": "https://git.kernel.org/stable/c/1fc9af813b25e146d3607669247d0f970f5a87c3"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()\n\nSubject: [PATCH] drm/panfrost: Fix the error path in\n panfrost_mmu_map_fault_addr()\n\nIf some the pages or sgt allocation failed, we shouldn't release the\npages ref we got earlier, otherwise we will end up with unbalanced\nget/put_pages() calls. We should instead leave everything in place\nand let the BO release function deal with extra cleanup when the object\nis destroyed, or let the fault handler try again next time it's called."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.28", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.7", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "5.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:09:05.371Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35951", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:09:05.371Z", "dateReserved": "2024-05-17T13:50:33.135Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-20T09:41:45.999Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()\n\nSubject: [PATCH] drm/panfrost: Fix the error path in\n panfrost_mmu_map_fault_addr()\n\nIf some the pages or sgt allocation failed, we shouldn't release the\npages ref we got earlier, otherwise we will end up with unbalanced\nget/put_pages() calls. We should instead leave everything in place\nand let the BO release function deal with extra cleanup when the object\nis destroyed, or let the fault handler try again next time it's called."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/panfrost: corrige la ruta de error en panfrost_mmu_map_fault_addr() Asunto: [PATCH] drm/panfrost: corrige la ruta de error en panfrost_mmu_map_fault_addr() Si algunas p\u00e1ginas o la asignaci\u00f3n de sgt fallaron, No deber\u00edamos publicar la referencia de p\u00e1ginas que obtuvimos anteriormente, de lo contrario terminaremos con llamadas get/put_pages() desequilibradas. En su lugar, deber\u00edamos dejar todo en su lugar y dejar que la funci\u00f3n de liberaci\u00f3n de BO se encargue de una limpieza adicional cuando se destruya el objeto, o dejar que el controlador de fallos lo intente nuevamente la pr\u00f3xima vez que se llame."}], "id": "CVE-2024-35951", "lastModified": "2024-11-21T09:21:16.630", "metrics": {}, "published": "2024-05-20T10:15:10.577", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1fc9af813b25e146d3607669247d0f970f5a87c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/31806711e8a4b75e09b1c43652f2a6420e6e1002"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e18070c622c63f0cab170348e320454728c277aa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/05/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/05/30/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/1fc9af813b25e146d3607669247d0f970f5a87c3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/31806711e8a4b75e09b1c43652f2a6420e6e1002"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/e18070c622c63f0cab170348e320454728c277aa"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()", "id": "2281940", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281940"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()\nSubject: [PATCH] drm/panfrost: Fix the error path in\npanfrost_mmu_map_fault_addr()\nIf some the pages or sgt allocation failed, we shouldn't release the\npages ref we got earlier, otherwise we will end up with unbalanced\nget/put_pages() calls. We should instead leave everything in place\nand let the BO release function deal with extra cleanup when the object\nis destroyed, or let the fault handler try again next time it's called.", "A vulnerability was found in the panfrost_mmu_map_fault_addr() function in the Linux kernel's drm panfrost_mmu.c driver, where improper error handling and cleanup can lead to resource management problems and system instability. This occurs when the shmem_read_mapping_page() or sg_alloc_table_from_pages() functions fail, causing panfrost_mmu_map_fault_addr() to handle the error by freeing any allocated pages prematurely. By calling drm_gem_shmem_put_pages() prematurely, a potential double-free scenario can result, leading to memory corruption or resource leaks."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35951", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35951\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35951\nhttps://lore.kernel.org/linux-cve-announce/2024052017-CVE-2024-35951-d66a@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as this vulnerability does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate"}