CVE-2024-26940
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26940
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26940.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26940
- Downstream
- Related
- Published
- 2024-05-01T05:17:48Z
- Modified
- 2025-10-16T22:12:21.942659Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Create debugfs ttmresourcemanager entry only if needed
The driver creates /sys/kernel/debug/dri/0/mobttm even when the corresponding ttmresource_manager is not allocated. This leads to a crash when trying to read from this file.
Add a check to create mobttm, systemmobttm, and gmrttm debug file only when the corresponding ttmresourcemanager is allocated.
crash> bt PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep" #0 [ffffb954506b3b20] machinekexec at ffffffffb2a6bec3 #1 [ffffb954506b3b78] _crashkexec at ffffffffb2bb598a #2 [ffffb954506b3c38] crashkexec at ffffffffb2bb68c1 #3 [ffffb954506b3c50] oopsend at ffffffffb2a2a9b1 #4 [ffffb954506b3c70] nocontext at ffffffffb2a7e913 #5 [ffffb954506b3cc8] _badareanosemaphore at ffffffffb2a7ec8c #6 [ffffb954506b3d10] dopagefault at ffffffffb2a7f887 #7 [ffffb954506b3d40] pagefault at ffffffffb360116e [exception RIP: ttmresourcemanagerdebug+0x11] RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246 RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940 RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000 RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000 R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200 ORIGRAX: ffffffffffffffff CS: 0010 SS: 0018 #8 [ffffb954506b3e00] ttmresourcemanagershow at ffffffffc04afde7 [ttm] #9 [ffffb954506b3e30] seqread at ffffffffb2d8f9f3 RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246 RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985 RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003 RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000 R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003 ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/016119154981d81c9e8f2ea3f56b9e2b4ea14500
- https://git.kernel.org/stable/c/042ef0afc40fa1a22b3608f22915b91ce39d128f
- https://git.kernel.org/stable/c/25e3ce59c1200f1f0563e39de151f34962ab0fe1
- https://git.kernel.org/stable/c/4be9075fec0a639384ed19975634b662bfab938f
- https://git.kernel.org/stable/c/eb08db0fc5354fa17b7ed66dab3c503332423451
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixed016119154981d81c9e8f2ea3f56b9e2b4ea14500
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixed042ef0afc40fa1a22b3608f22915b91ce39d128f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixed25e3ce59c1200f1f0563e39de151f34962ab0fe1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixedeb08db0fc5354fa17b7ed66dab3c503332423451
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaf4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6Fixed4be9075fec0a639384ed19975634b662bfab938f
Affected versions
v5.*
v5.18
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.9-rc1
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"190955641525857901571056571948435356614",
"146323459410009246250038498217183783379",
"48246823370462054743022128936159282242",
"317197852226856245077017107111608980482",
"7050877699234941131549548698673853239",
"67892384168171434578922429570050410478",
"94984043687140918692049201632094505181",
"157965191632864145528517097344376422138",
"54422473991527432871282200900298292502"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4be9075fec0a639384ed19975634b662bfab938f",
"signature_version": "v1",
"id": "CVE-2024-26940-3d32f6b5"
},
{
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"190955641525857901571056571948435356614",
"146323459410009246250038498217183783379",
"48246823370462054743022128936159282242",
"317197852226856245077017107111608980482",
"7050877699234941131549548698673853239",
"67892384168171434578922429570050410478",
"94984043687140918692049201632094505181",
"157965191632864145528517097344376422138",
"54422473991527432871282200900298292502"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@016119154981d81c9e8f2ea3f56b9e2b4ea14500",
"signature_version": "v1",
"id": "CVE-2024-26940-4638e20b"
},
{
"signature_type": "Function",
"target": {
"function": "vmw_debugfs_resource_managers_init",
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"function_hash": "84821328882704388192105418388753213297",
"length": 511.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4be9075fec0a639384ed19975634b662bfab938f",
"signature_version": "v1",
"id": "CVE-2024-26940-4d02a830"
},
{
"signature_type": "Function",
"target": {
"function": "vmw_debugfs_resource_managers_init",
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"function_hash": "84821328882704388192105418388753213297",
"length": 511.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@016119154981d81c9e8f2ea3f56b9e2b4ea14500",
"signature_version": "v1",
"id": "CVE-2024-26940-568e4a07"
},
{
"signature_type": "Function",
"target": {
"function": "vmw_debugfs_resource_managers_init",
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"function_hash": "84821328882704388192105418388753213297",
"length": 511.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@25e3ce59c1200f1f0563e39de151f34962ab0fe1",
"signature_version": "v1",
"id": "CVE-2024-26940-8401f3d9"
},
{
"signature_type": "Function",
"target": {
"function": "vmw_debugfs_resource_managers_init",
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"function_hash": "84821328882704388192105418388753213297",
"length": 511.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042ef0afc40fa1a22b3608f22915b91ce39d128f",
"signature_version": "v1",
"id": "CVE-2024-26940-87738c39"
},
{
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"190955641525857901571056571948435356614",
"146323459410009246250038498217183783379",
"48246823370462054743022128936159282242",
"317197852226856245077017107111608980482",
"7050877699234941131549548698673853239",
"67892384168171434578922429570050410478",
"94984043687140918692049201632094505181",
"157965191632864145528517097344376422138",
"54422473991527432871282200900298292502"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb08db0fc5354fa17b7ed66dab3c503332423451",
"signature_version": "v1",
"id": "CVE-2024-26940-8a0547e6"
},
{
"signature_type": "Function",
"target": {
"function": "vmw_debugfs_resource_managers_init",
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"function_hash": "84821328882704388192105418388753213297",
"length": 511.0
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb08db0fc5354fa17b7ed66dab3c503332423451",
"signature_version": "v1",
"id": "CVE-2024-26940-8a420449"
},
{
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"190955641525857901571056571948435356614",
"146323459410009246250038498217183783379",
"48246823370462054743022128936159282242",
"317197852226856245077017107111608980482",
"7050877699234941131549548698673853239",
"67892384168171434578922429570050410478",
"94984043687140918692049201632094505181",
"157965191632864145528517097344376422138",
"54422473991527432871282200900298292502"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@042ef0afc40fa1a22b3608f22915b91ce39d128f",
"signature_version": "v1",
"id": "CVE-2024-26940-a31454ca"
},
{
"signature_type": "Line",
"target": {
"file": "drivers/gpu/drm/vmwgfx/vmwgfx_drv.c"
},
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"190955641525857901571056571948435356614",
"146323459410009246250038498217183783379",
"48246823370462054743022128936159282242",
"317197852226856245077017107111608980482",
"7050877699234941131549548698673853239",
"67892384168171434578922429570050410478",
"94984043687140918692049201632094505181",
"157965191632864145528517097344376422138",
"54422473991527432871282200900298292502"
]
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@25e3ce59c1200f1f0563e39de151f34962ab0fe1",
"signature_version": "v1",
"id": "CVE-2024-26940-b9d81511"
}
]