U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2024-26979

Change History

CVE Translated by kernel.org 6/12/2024 12:15:11 PM

Action Type Old Value New Value
Removed Translation 
Title: kernel de Linux
Description: En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/vmwgfx: corrige una posible desreferencia del puntero nulo con contextos no válidos. vmw_context_cotable puede devolver un error o un puntero nulo y, en ocasiones, su uso no se controlaba. El código posterior intentaría acceder a un puntero nulo o a un valor de error. Las desreferencias no válidas solo fueron posibles con aplicaciones de espacio de usuario con formato incorrecto que nunca inicializaron correctamente los contextos de representación. Verifique los resultados de vmw_context_cotable para corregir los derefs no válidos. Gracias: ziming zhang (@ezrak1e) de Ant Group Light-Year Security Lab, quien fue la primera persona en descubrirlo. Niels De Graef, quien lo informó y ayudó a localizar al poc.
 

								
								
					

				
			




		

	
		

			 
			

				CVE Modified by kernel.org 6/12/2024 12:15:11 PM
			



			

				 
					

						Action
						Type
						Old Value
						New Value
					

				
				
					

						Changed
						Description
						
							
							
								
							
								
In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

vmw_context_cotable can return either an error or a null pointer and its
usage sometimes went unchecked. Subsequent code would then try to access
either a null pointer or an error value.

The invalid dereferences were only possible with malformed userspace
apps which never properly initialized the rendering contexts.

Check the results of vmw_context_cotable to fix the invalid derefs.

Thanks:
ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab
who was the first person to discover it.
Niels De Graef who reported it and helped to track down the poc.

								
							
							
								
							
						
								
							
								
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

								
								
					

					

						Removed
						CVSS V3.1
						
							
							
								
							
								
NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						CWE
						
							
							
								
							
								
NIST CWE-476

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						CPE Configuration
						
							
							
								
							
								
OR
     
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 from (excluding) 6.6.24
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 from (excluding) 6.7.12
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 from (excluding) 5.15.154
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 from (excluding) 5.10.215
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 from (excluding) 6.1.84
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8 from (excluding) 6.8.3

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
kernel.org https://git.kernel.org/stable/c/07c3fe923ff7eccf684fb4f8c953d0a7cc8ded73

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
kernel.org https://git.kernel.org/stable/c/517621b7060096e48e42f545fa6646fc00252eac

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
kernel.org https://git.kernel.org/stable/c/585fec7361e7850bead21fada49a7fcde2f2e791

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
kernel.org https://git.kernel.org/stable/c/899e154f9546fcae18065d74064889d08fff62c2

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
kernel.org https://git.kernel.org/stable/c/9cb3755b1e3680b720b74dbedfac889e904605c7

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
kernel.org https://git.kernel.org/stable/c/c560327d900bab968c2e1b4cd7fa2d46cd429e3d

								
							
							
								
							
						
								
							
								

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
kernel.org https://git.kernel.org/stable/c/ff41e0d4f3fa10d7cdd7d40f8026bea9fcc8b000

								
							
							
								
							
						
								
							
								

								
								
					

				
			




		

	
		

			 
			

				CVE Rejected by kernel.org 6/12/2024 12:15:11 PM
			



			

				 
					

						Action
						Type
						Old Value
						New Value