In the Linux kernel, the following vulnerability has been resolved:

drm/fbdev-dma: Add shadow buffering for deferred I/O

DMA areas are not necessarily backed by struct page, so we cannot rely on it for deferred I/O. Allocate a shadow buffer for drivers that require deferred I/O and use it as framebuffer memory.

Fixes driver errors about being "Unable to handle kernel NULL pointer dereference at virtual address" or "Unable to handle kernel paging request at virtual address".

The patch splits drm_fbdev_dma_driver_fbdev_probe() into an initial allocation, which creates the DMA-backed buffer object, and a tail that sets up the fbdev data structures. There is a tail function for direct memory mappings and a tail function for deferred I/O with the shadow buffer.

It is no longer possible to use deferred I/O without shadow buffer. It can be re-added if there exists a reliable test for usable struct page in the allocated DMA-backed buffer object.

History

Sun, 06 Jul 2025 09:30:00 +0000


Wed, 02 Apr 2025 02:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
| Metrics | threat_severity: None | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}; threat_severity: Low |


Thu, 27 Mar 2025 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Add shadow buffering for deferred I/O DMA areas are not necessarily backed by struct page, so we cannot rely on it for deferred I/O. Allocate a shadow buffer for drivers that require deferred I/O and use it as framebuffer memory. Fixes driver errors about being "Unable to handle kernel NULL pointer dereference at virtual address" or "Unable to handle kernel paging request at virtual address". The patch splits drm_fbdev_dma_driver_fbdev_probe() into an initial allocation, which creates the DMA-backed buffer object, and a tail that sets up the fbdev data structures. There is a tail function for direct memory mappings and a tail function for deferred I/O with the shadow buffer. It is no longer possible to use deferred I/O without shadow buffer. It can be re-added if there exists a reliable test for usable struct page in the allocated DMA-backed buffer object. |
| Title | | drm/fbdev-dma: Add shadow buffering for deferred I/O |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-07-06T09:08:48.847Z

Reserved: 2025-03-06T15:52:09.188Z

Link: CVE-2024-58091

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2025-03-27T15:15:54.237

Modified: 2025-07-06T10:15:23.140

Link: CVE-2024-58091

Redhat

Severity: Low

Public Date: 2025-03-27T00:00:00Z

Links: CVE-2024-58091 - Bugzilla