U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-26979

Change History

CVE Translated by kernel.org 6/12/2024 12:15:11 PM

Action Type Old Value New Value
Removed Translation
Title: kernel de Linux
Description: En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/vmwgfx: corrige una posible desreferencia del puntero nulo con contextos no válidos. vmw_context_cotable puede devolver un error o un puntero nulo y, en ocasiones, su uso no se controlaba. El código posterior intentaría acceder a un puntero nulo o a un valor de error. Las desreferencias no válidas solo fueron posibles con aplicaciones de espacio de usuario con formato incorrecto que nunca inicializaron correctamente los contextos de representación. Verifique los resultados de vmw_context_cotable para corregir los derefs no válidos. Gracias: ziming zhang (@ezrak1e) de Ant Group Light-Year Security Lab, quien fue la primera persona en descubrirlo. Niels De Graef, quien lo informó y ayudó a localizar al poc.

								
						

CVE Rejected by kernel.org 6/12/2024 12:15:11 PM

Action Type Old Value New Value

CVE Modified by kernel.org 6/12/2024 12:15:11 PM

Action Type Old Value New Value
Removed CPE Configuration
OR
     
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 from (excluding) 6.6.24
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 from (excluding) 6.7.12
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 from (excluding) 5.15.154
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 from (excluding) 5.10.215
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 from (excluding) 6.1.84
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8 from (excluding) 6.8.3

								
						
Removed CVSS V3.1
NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

								
						
Removed CWE
NIST CWE-476

								
						
Changed Description
In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

vmw_context_cotable can return either an error or a null pointer and its
usage sometimes went unchecked. Subsequent code would then try to access
either a null pointer or an error value.

The invalid dereferences were only possible with malformed userspace
apps which never properly initialized the rendering contexts.

Check the results of vmw_context_cotable to fix the invalid derefs.

Thanks:
ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab
who was the first person to discover it.
Niels De Graef who reported it and helped to track down the poc.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Removed Reference
kernel.org https://git.kernel.org/stable/c/07c3fe923ff7eccf684fb4f8c953d0a7cc8ded73

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/517621b7060096e48e42f545fa6646fc00252eac

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/585fec7361e7850bead21fada49a7fcde2f2e791

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/899e154f9546fcae18065d74064889d08fff62c2

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/9cb3755b1e3680b720b74dbedfac889e904605c7

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/c560327d900bab968c2e1b4cd7fa2d46cd429e3d

								
						
Removed Reference
kernel.org https://git.kernel.org/stable/c/ff41e0d4f3fa10d7cdd7d40f8026bea9fcc8b000