CVE-2024-35916

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35916
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35916.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-35916
Downstream
Related
Published
2024-05-19T08:35:09Z
Modified
2025-10-14T16:08:44.938396Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
dma-buf: Fix NULL pointer dereference in sanitycheck()
Details

In the Linux kernel, the following vulnerability has been resolved:

dma-buf: Fix NULL pointer dereference in sanitycheck()

If due to a memory allocation failure mockchain() returns NULL, it is passed to dmafenceenablesw_signaling() resulting in NULL pointer dereference there.

Call dmafenceenableswsignaling() only if mock_chain() succeeds.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d62c43a953ce02d54521ec06217d0c2ed6d489af
Fixed
0336995512cdab0c65e99e4cdd47c4606debe14e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d62c43a953ce02d54521ec06217d0c2ed6d489af
Fixed
156c226cbbdcf5f3bce7b2408a33b59fab7fae2c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d62c43a953ce02d54521ec06217d0c2ed6d489af
Fixed
eabf131cba1db12005a68378305f13b9090a7a6b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d62c43a953ce02d54521ec06217d0c2ed6d489af
Fixed
2295bd846765c766701e666ed2e4b35396be25e6

Affected versions

v6.*

v6.0
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4

Database specific

{
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "target": {
                "file": "drivers/dma-buf/st-dma-fence-chain.c",
                "function": "sanitycheck"
            },
            "id": "CVE-2024-35916-04db7831",
            "digest": {
                "length": 288.0,
                "function_hash": "330483621667155223224766049915531542706"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0336995512cdab0c65e99e4cdd47c4606debe14e",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "drivers/dma-buf/st-dma-fence-chain.c"
            },
            "id": "CVE-2024-35916-206eda56",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "249841693038308009061269137382771593006",
                    "257821195211692184687636679722622392234",
                    "203868587428196183786989904951095278579",
                    "170249619505920775864933987682272409492",
                    "74116720861380688922706607465850670162",
                    "9172595770689384504577204356200934015"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0336995512cdab0c65e99e4cdd47c4606debe14e",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "drivers/dma-buf/st-dma-fence-chain.c"
            },
            "id": "CVE-2024-35916-30b74288",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "249841693038308009061269137382771593006",
                    "257821195211692184687636679722622392234",
                    "203868587428196183786989904951095278579",
                    "170249619505920775864933987682272409492",
                    "74116720861380688922706607465850670162",
                    "9172595770689384504577204356200934015"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@156c226cbbdcf5f3bce7b2408a33b59fab7fae2c",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "drivers/dma-buf/st-dma-fence-chain.c",
                "function": "sanitycheck"
            },
            "id": "CVE-2024-35916-97410ded",
            "digest": {
                "length": 288.0,
                "function_hash": "330483621667155223224766049915531542706"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2295bd846765c766701e666ed2e4b35396be25e6",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "drivers/dma-buf/st-dma-fence-chain.c"
            },
            "id": "CVE-2024-35916-9d47fd73",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "249841693038308009061269137382771593006",
                    "257821195211692184687636679722622392234",
                    "203868587428196183786989904951095278579",
                    "170249619505920775864933987682272409492",
                    "74116720861380688922706607465850670162",
                    "9172595770689384504577204356200934015"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2295bd846765c766701e666ed2e4b35396be25e6",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "drivers/dma-buf/st-dma-fence-chain.c",
                "function": "sanitycheck"
            },
            "id": "CVE-2024-35916-e6337ae1",
            "digest": {
                "length": 288.0,
                "function_hash": "330483621667155223224766049915531542706"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@156c226cbbdcf5f3bce7b2408a33b59fab7fae2c",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "target": {
                "file": "drivers/dma-buf/st-dma-fence-chain.c",
                "function": "sanitycheck"
            },
            "id": "CVE-2024-35916-eb345137",
            "digest": {
                "length": 288.0,
                "function_hash": "330483621667155223224766049915531542706"
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eabf131cba1db12005a68378305f13b9090a7a6b",
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "signature_type": "Line",
            "target": {
                "file": "drivers/dma-buf/st-dma-fence-chain.c"
            },
            "id": "CVE-2024-35916-f9cc006a",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "249841693038308009061269137382771593006",
                    "257821195211692184687636679722622392234",
                    "203868587428196183786989904951095278579",
                    "170249619505920775864933987682272409492",
                    "74116720861380688922706607465850670162",
                    "9172595770689384504577204356200934015"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eabf131cba1db12005a68378305f13b9090a7a6b",
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1.0
Fixed
6.1.85
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.26
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.5