We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-39497

drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)



AssignerLinux
Reserved2024-06-25
Published2024-07-12
Updated2024-11-05

Description

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) Lack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap allows users to call mmap with PROT_WRITE and MAP_PRIVATE flag causing a kernel panic due to BUG_ON in vmf_insert_pfn_prot: BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags)); Return -EINVAL early if COW mapping is detected. This bug affects all drm drivers using default shmem helpers. It can be reproduced by this simple example: void *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset); ptr[0] = 0;

Product status

Default status
unaffected

2194a63a818d before 3ae63a8c1685
affected

2194a63a818d before 2219e5f97244
affected

2194a63a818d before 1b4a8b89bf67
affected

2194a63a818d before 03c71c42809e
affected

2194a63a818d before 39bc27bd6880
affected

Default status
affected

5.2
affected

Any version before 5.2
unaffected

5.15.169
unaffected

6.1.114
unaffected

6.6.35
unaffected

6.9.6
unaffected

6.10
unaffected

References

https://git.kernel.org/stable/c/3ae63a8c1685e16958560ec08d30defdc5b9cca0

https://git.kernel.org/stable/c/2219e5f97244b79c276751a1167615b9714db1b0

https://git.kernel.org/stable/c/1b4a8b89bf6787090b56424d269bf84ba00c3263

https://git.kernel.org/stable/c/03c71c42809ef4b17f5d874cdb2d3bf40e847b86

https://git.kernel.org/stable/c/39bc27bd688066a63e56f7f64ad34fae03fbe3b8

cve.org CVE-2024-39497

nvd.nist.gov CVE-2024-39497

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.