{ "threat_severity" : "Moderate", "public_date" : "2024-05-20T00:00:00Z", "bugzilla" : { "description" : "kernel: drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()", "id" : "2281940", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2281940" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "draft" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndrm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()\nSubject: [PATCH] drm/panfrost: Fix the error path in\npanfrost_mmu_map_fault_addr()\nIf some the pages or sgt allocation failed, we shouldn't release the\npages ref we got earlier, otherwise we will end up with unbalanced\nget/put_pages() calls. We should instead leave everything in place\nand let the BO release function deal with extra cleanup when the object\nis destroyed, or let the fault handler try again next time it's called.", "A vulnerability was found in the panfrost_mmu_map_fault_addr() function in the Linux kernel's drm panfrost_mmu.c driver, where improper error handling and cleanup can lead to resource management problems and system instability. This occurs when the shmem_read_mapping_page() or sg_alloc_table_from_pages() functions fail, causing panfrost_mmu_map_fault_addr() to handle the error by freeing any allocated pages prematurely. By calling drm_gem_shmem_put_pages() prematurely, a potential double-free scenario can result, leading to memory corruption or resource leaks." ], "statement" : "Red Hat Enterprise Linux is not impacted by this CVE, as this vulnerability does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-35951\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35951\nhttps://lore.kernel.org/linux-cve-announce/2024052017-CVE-2024-35951-d66a@gregkh/T" ], "name" : "CVE-2024-35951", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }