CVE-2024-26940

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-26940
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26940.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26940
Downstream
Related
Published
2024-05-01T05:17:48.607Z
Modified
2026-03-13T07:53:43.538670Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Create debugfs ttmresourcemanager entry only if needed

The driver creates /sys/kernel/debug/dri/0/mobttm even when the corresponding ttmresource_manager is not allocated. This leads to a crash when trying to read from this file.

Add a check to create mobttm, systemmobttm, and gmrttm debug file only when the corresponding ttmresourcemanager is allocated.

crash> bt PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep" #0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3 #1 [ffffb954506b3b78] __crashkexec at ffffffffb2bb598a #2 [ffffb954506b3c38] crashkexec at ffffffffb2bb68c1 #3 [ffffb954506b3c50] oopsend at ffffffffb2a2a9b1 #4 [ffffb954506b3c70] nocontext at ffffffffb2a7e913 #5 [ffffb954506b3cc8] __badareanosemaphore at ffffffffb2a7ec8c #6 [ffffb954506b3d10] dopagefault at ffffffffb2a7f887 #7 [ffffb954506b3d40] pagefault at ffffffffb360116e [exception RIP: ttmresourcemanagerdebug+0x11] RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246 RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940 RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000 RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000 R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200 ORIGRAX: ffffffffffffffff CS: 0010 SS: 0018 #8 [ffffb954506b3e00] ttmresourcemanagershow at ffffffffc04afde7 [ttm] #9 [ffffb954506b3e30] seqread at ffffffffb2d8f9f3 RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246 RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985 RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003 RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000 R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003 ORIGRAX: 0000000000000000 CS: 0033 SS: 002b

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26940.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6
Fixed
016119154981d81c9e8f2ea3f56b9e2b4ea14500
Fixed
042ef0afc40fa1a22b3608f22915b91ce39d128f
Fixed
25e3ce59c1200f1f0563e39de151f34962ab0fe1
Fixed
eb08db0fc5354fa17b7ed66dab3c503332423451
Fixed
4be9075fec0a639384ed19975634b662bfab938f

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26940.json"