CVE-2024-26940

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26940
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26940.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26940
Downstream
Related
Published
2024-05-01T05:17:48Z
Modified
2025-10-16T22:12:21.942659Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Create debugfs ttmresourcemanager entry only if needed

The driver creates /sys/kernel/debug/dri/0/mobttm even when the corresponding ttmresource_manager is not allocated. This leads to a crash when trying to read from this file.

Add a check to create mobttm, systemmobttm, and gmrttm debug file only when the corresponding ttmresourcemanager is allocated.

crash> bt PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep" #0 [ffffb954506b3b20] machinekexec at ffffffffb2a6bec3 #1 [ffffb954506b3b78] _crashkexec at ffffffffb2bb598a #2 [ffffb954506b3c38] crashkexec at ffffffffb2bb68c1 #3 [ffffb954506b3c50] oopsend at ffffffffb2a2a9b1 #4 [ffffb954506b3c70] nocontext at ffffffffb2a7e913 #5 [ffffb954506b3cc8] _badareanosemaphore at ffffffffb2a7ec8c #6 [ffffb954506b3d10] dopagefault at ffffffffb2a7f887 #7 [ffffb954506b3d40] pagefault at ffffffffb360116e [exception RIP: ttmresourcemanagerdebug+0x11] RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246 RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940 RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000 RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000 R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200 ORIGRAX: ffffffffffffffff CS: 0010 SS: 0018 #8 [ffffb954506b3e00] ttmresourcemanagershow at ffffffffc04afde7 [ttm] #9 [ffffb954506b3e30] seqread at ffffffffb2d8f9f3 RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246 RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985 RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003 RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000 R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003 ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6
Fixed
016119154981d81c9e8f2ea3f56b9e2b4ea14500
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6
Fixed
042ef0afc40fa1a22b3608f22915b91ce39d128f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6
Fixed
25e3ce59c1200f1f0563e39de151f34962ab0fe1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6
Fixed
eb08db0fc5354fa17b7ed66dab3c503332423451
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6
Fixed
4be9075fec0a639384ed19975634b662bfab938f

Affected versions

v5.*

v5.18
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.9-rc1

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "target": {
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "190955641525857901571056571948435356614",
                "146323459410009246250038498217183783379",
                "48246823370462054743022128936159282242",
                "317197852226856245077017107111608980482",
                "7050877699234941131549548698673853239",
                "67892384168171434578922429570050410478",
                "94984043687140918692049201632094505181",
                "157965191632864145528517097344376422138",
                "54422473991527432871282200900298292502"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4be9075fec0a639384ed19975634b662bfab938f",
        "signature_version": "v1",
        "id": "CVE-2024-26940-3d32f6b5"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "190955641525857901571056571948435356614",
                "146323459410009246250038498217183783379",
                "48246823370462054743022128936159282242",
                "317197852226856245077017107111608980482",
                "7050877699234941131549548698673853239",
                "67892384168171434578922429570050410478",
                "94984043687140918692049201632094505181",
                "157965191632864145528517097344376422138",
                "54422473991527432871282200900298292502"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@016119154981d81c9e8f2ea3f56b9e2b4ea14500",
        "signature_version": "v1",
        "id": "CVE-2024-26940-4638e20b"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "vmw_debugfs_resource_managers_init",
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "84821328882704388192105418388753213297",
            "length": 511.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4be9075fec0a639384ed19975634b662bfab938f",
        "signature_version": "v1",
        "id": "CVE-2024-26940-4d02a830"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "vmw_debugfs_resource_managers_init",
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "84821328882704388192105418388753213297",
            "length": 511.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@016119154981d81c9e8f2ea3f56b9e2b4ea14500",
        "signature_version": "v1",
        "id": "CVE-2024-26940-568e4a07"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "vmw_debugfs_resource_managers_init",
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "84821328882704388192105418388753213297",
            "length": 511.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@25e3ce59c1200f1f0563e39de151f34962ab0fe1",
        "signature_version": "v1",
        "id": "CVE-2024-26940-8401f3d9"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "vmw_debugfs_resource_managers_init",
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "84821328882704388192105418388753213297",
            "length": 511.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042ef0afc40fa1a22b3608f22915b91ce39d128f",
        "signature_version": "v1",
        "id": "CVE-2024-26940-87738c39"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "190955641525857901571056571948435356614",
                "146323459410009246250038498217183783379",
                "48246823370462054743022128936159282242",
                "317197852226856245077017107111608980482",
                "7050877699234941131549548698673853239",
                "67892384168171434578922429570050410478",
                "94984043687140918692049201632094505181",
                "157965191632864145528517097344376422138",
                "54422473991527432871282200900298292502"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb08db0fc5354fa17b7ed66dab3c503332423451",
        "signature_version": "v1",
        "id": "CVE-2024-26940-8a0547e6"
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "vmw_debugfs_resource_managers_init",
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "84821328882704388192105418388753213297",
            "length": 511.0
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb08db0fc5354fa17b7ed66dab3c503332423451",
        "signature_version": "v1",
        "id": "CVE-2024-26940-8a420449"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "190955641525857901571056571948435356614",
                "146323459410009246250038498217183783379",
                "48246823370462054743022128936159282242",
                "317197852226856245077017107111608980482",
                "7050877699234941131549548698673853239",
                "67892384168171434578922429570050410478",
                "94984043687140918692049201632094505181",
                "157965191632864145528517097344376422138",
                "54422473991527432871282200900298292502"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042ef0afc40fa1a22b3608f22915b91ce39d128f",
        "signature_version": "v1",
        "id": "CVE-2024-26940-a31454ca"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "190955641525857901571056571948435356614",
                "146323459410009246250038498217183783379",
                "48246823370462054743022128936159282242",
                "317197852226856245077017107111608980482",
                "7050877699234941131549548698673853239",
                "67892384168171434578922429570050410478",
                "94984043687140918692049201632094505181",
                "157965191632864145528517097344376422138",
                "54422473991527432871282200900298292502"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@25e3ce59c1200f1f0563e39de151f34962ab0fe1",
        "signature_version": "v1",
        "id": "CVE-2024-26940-b9d81511"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
6.1.84
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.24
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.12
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.3