CVE-2024-36960: drm/vmwgfx: Fix invalid reads in fence signaled events
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix invalid reads in fence signaled events
Correctly set the length of the drmevent to the size of the structure that's actually used.
The length of the drmevent was set to the parent structure instead of to the drmvmweventfence which is supposed to be read. drmread uses the length parameter to copy the event to the user space thus resuling in oob reads.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix invalid reads in fence signaled events
The Linux kernel CVE team has assigned CVE-2024-36960 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024060341-CVE-2024-36960-d1bf@gregkh/T
— Red Hat
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-36960?
The severity of CVE-2024-36960 is classified as moderate.
How do I fix CVE-2024-36960?
To fix CVE-2024-36960, upgrade the kernel to versions 4.19.314, 5.4.276, 5.10.217, 5.15.159, 6.1.91, or later versions as specified for your distribution.
Which Linux kernel versions are affected by CVE-2024-36960?
CVE-2024-36960 affects several kernel versions before the updates including 4.19.x and 5.x versions prior to the specified patch levels.
What is the nature of the vulnerability CVE-2024-36960?
CVE-2024-36960 involves invalid reads in fence signaled events in the Linux kernel's drm/vmwgfx component.
Has CVE-2024-36960 been resolved?
Yes, CVE-2024-36960 has been resolved with kernel updates that properly set the length of the drm_event structure.