ghsa-xjqc-gcmf-pwgc
Vulnerability from github
Published
2024-08-17 09:30
Modified
2024-08-17 09:30
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/v3d: Validate passed in drm syncobj handles in the performance extension

If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well.

Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind.

(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-42260"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T09:15:07Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Validate passed in drm syncobj handles in the performance extension\n\nIf userspace provides an unknown or invalid handle anywhere in the handle\narray the rest of the driver will not handle that well.\n\nFix it by checking handle was looked up successfully or otherwise fail the\nextension by jumping into the existing unwind.\n\n(cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213)",
  "id": "GHSA-xjqc-gcmf-pwgc",
  "modified": "2024-08-17T09:30:24Z",
  "published": "2024-08-17T09:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42260"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4ecc24a84d7e0254efd150ec23e0b89638386516"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d4aa25f47cd05e9eeac272906588728588605dd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.