CVE-2024-35916
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-35916
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35916.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-35916
- Downstream
- Related
- Published
- 2024-05-19T08:35:09Z
- Modified
- 2025-10-17T03:58:04.574871Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- dma-buf: Fix NULL pointer dereference in sanitycheck()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: Fix NULL pointer dereference in sanitycheck()
If due to a memory allocation failure mockchain() returns NULL, it is passed to dmafenceenablesw_signaling() resulting in NULL pointer dereference there.
Call dmafenceenableswsignaling() only if mock_chain() succeeds.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0336995512cdab0c65e99e4cdd47c4606debe14e
- https://git.kernel.org/stable/c/156c226cbbdcf5f3bce7b2408a33b59fab7fae2c
- https://git.kernel.org/stable/c/2295bd846765c766701e666ed2e4b35396be25e6
- https://git.kernel.org/stable/c/eabf131cba1db12005a68378305f13b9090a7a6b
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd62c43a953ce02d54521ec06217d0c2ed6d489afFixed0336995512cdab0c65e99e4cdd47c4606debe14e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd62c43a953ce02d54521ec06217d0c2ed6d489afFixed156c226cbbdcf5f3bce7b2408a33b59fab7fae2c
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd62c43a953ce02d54521ec06217d0c2ed6d489afFixedeabf131cba1db12005a68378305f13b9090a7a6b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd62c43a953ce02d54521ec06217d0c2ed6d489afFixed2295bd846765c766701e666ed2e4b35396be25e6
Affected versions
v6.*
v6.0
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4
Database specific
vanir_signatures
[
{
"id": "CVE-2024-35916-04db7831",
"digest": {
"length": 288.0,
"function_hash": "330483621667155223224766049915531542706"
},
"signature_version": "v1",
"target": {
"file": "drivers/dma-buf/st-dma-fence-chain.c",
"function": "sanitycheck"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0336995512cdab0c65e99e4cdd47c4606debe14e"
},
{
"id": "CVE-2024-35916-206eda56",
"digest": {
"line_hashes": [
"249841693038308009061269137382771593006",
"257821195211692184687636679722622392234",
"203868587428196183786989904951095278579",
"170249619505920775864933987682272409492",
"74116720861380688922706607465850670162",
"9172595770689384504577204356200934015"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "drivers/dma-buf/st-dma-fence-chain.c"
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0336995512cdab0c65e99e4cdd47c4606debe14e"
},
{
"id": "CVE-2024-35916-30b74288",
"digest": {
"line_hashes": [
"249841693038308009061269137382771593006",
"257821195211692184687636679722622392234",
"203868587428196183786989904951095278579",
"170249619505920775864933987682272409492",
"74116720861380688922706607465850670162",
"9172595770689384504577204356200934015"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "drivers/dma-buf/st-dma-fence-chain.c"
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@156c226cbbdcf5f3bce7b2408a33b59fab7fae2c"
},
{
"id": "CVE-2024-35916-97410ded",
"digest": {
"length": 288.0,
"function_hash": "330483621667155223224766049915531542706"
},
"signature_version": "v1",
"target": {
"file": "drivers/dma-buf/st-dma-fence-chain.c",
"function": "sanitycheck"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2295bd846765c766701e666ed2e4b35396be25e6"
},
{
"id": "CVE-2024-35916-9d47fd73",
"digest": {
"line_hashes": [
"249841693038308009061269137382771593006",
"257821195211692184687636679722622392234",
"203868587428196183786989904951095278579",
"170249619505920775864933987682272409492",
"74116720861380688922706607465850670162",
"9172595770689384504577204356200934015"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "drivers/dma-buf/st-dma-fence-chain.c"
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2295bd846765c766701e666ed2e4b35396be25e6"
},
{
"id": "CVE-2024-35916-e6337ae1",
"digest": {
"length": 288.0,
"function_hash": "330483621667155223224766049915531542706"
},
"signature_version": "v1",
"target": {
"file": "drivers/dma-buf/st-dma-fence-chain.c",
"function": "sanitycheck"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@156c226cbbdcf5f3bce7b2408a33b59fab7fae2c"
},
{
"id": "CVE-2024-35916-eb345137",
"digest": {
"length": 288.0,
"function_hash": "330483621667155223224766049915531542706"
},
"signature_version": "v1",
"target": {
"file": "drivers/dma-buf/st-dma-fence-chain.c",
"function": "sanitycheck"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eabf131cba1db12005a68378305f13b9090a7a6b"
},
{
"id": "CVE-2024-35916-f9cc006a",
"digest": {
"line_hashes": [
"249841693038308009061269137382771593006",
"257821195211692184687636679722622392234",
"203868587428196183786989904951095278579",
"170249619505920775864933987682272409492",
"74116720861380688922706607465850670162",
"9172595770689384504577204356200934015"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "drivers/dma-buf/st-dma-fence-chain.c"
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eabf131cba1db12005a68378305f13b9090a7a6b"
}
]