In the Linux kernel, the following vulnerability has been resolved:
dma-buf: Fix NULL pointer dereference in sanitycheck()
If due to a memory allocation failure mockchain() returns NULL, it is passed to dmafenceenablesw_signaling() resulting in NULL pointer dereference there.
Call dmafenceenableswsignaling() only if mock_chain() succeeds.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
{ "vanir_signatures": [ { "signature_type": "Function", "target": { "file": "drivers/dma-buf/st-dma-fence-chain.c", "function": "sanitycheck" }, "id": "CVE-2024-35916-04db7831", "digest": { "length": 288.0, "function_hash": "330483621667155223224766049915531542706" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0336995512cdab0c65e99e4cdd47c4606debe14e", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/dma-buf/st-dma-fence-chain.c" }, "id": "CVE-2024-35916-206eda56", "digest": { "threshold": 0.9, "line_hashes": [ "249841693038308009061269137382771593006", "257821195211692184687636679722622392234", "203868587428196183786989904951095278579", "170249619505920775864933987682272409492", "74116720861380688922706607465850670162", "9172595770689384504577204356200934015" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0336995512cdab0c65e99e4cdd47c4606debe14e", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/dma-buf/st-dma-fence-chain.c" }, "id": "CVE-2024-35916-30b74288", "digest": { "threshold": 0.9, "line_hashes": [ "249841693038308009061269137382771593006", "257821195211692184687636679722622392234", "203868587428196183786989904951095278579", "170249619505920775864933987682272409492", "74116720861380688922706607465850670162", "9172595770689384504577204356200934015" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@156c226cbbdcf5f3bce7b2408a33b59fab7fae2c", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/dma-buf/st-dma-fence-chain.c", "function": "sanitycheck" }, "id": "CVE-2024-35916-97410ded", "digest": { "length": 288.0, "function_hash": "330483621667155223224766049915531542706" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2295bd846765c766701e666ed2e4b35396be25e6", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/dma-buf/st-dma-fence-chain.c" }, "id": "CVE-2024-35916-9d47fd73", "digest": { "threshold": 0.9, "line_hashes": [ "249841693038308009061269137382771593006", "257821195211692184687636679722622392234", "203868587428196183786989904951095278579", "170249619505920775864933987682272409492", "74116720861380688922706607465850670162", "9172595770689384504577204356200934015" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2295bd846765c766701e666ed2e4b35396be25e6", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/dma-buf/st-dma-fence-chain.c", "function": "sanitycheck" }, "id": "CVE-2024-35916-e6337ae1", "digest": { "length": 288.0, "function_hash": "330483621667155223224766049915531542706" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@156c226cbbdcf5f3bce7b2408a33b59fab7fae2c", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Function", "target": { "file": "drivers/dma-buf/st-dma-fence-chain.c", "function": "sanitycheck" }, "id": "CVE-2024-35916-eb345137", "digest": { "length": 288.0, "function_hash": "330483621667155223224766049915531542706" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eabf131cba1db12005a68378305f13b9090a7a6b", "deprecated": false, "signature_version": "v1" }, { "signature_type": "Line", "target": { "file": "drivers/dma-buf/st-dma-fence-chain.c" }, "id": "CVE-2024-35916-f9cc006a", "digest": { "threshold": 0.9, "line_hashes": [ "249841693038308009061269137382771593006", "257821195211692184687636679722622392234", "203868587428196183786989904951095278579", "170249619505920775864933987682272409492", "74116720861380688922706607465850670162", "9172595770689384504577204356200934015" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eabf131cba1db12005a68378305f13b9090a7a6b", "deprecated": false, "signature_version": "v1" } ] }