CVE-2024-50096

Summary

In the Linux kernel, the following vulnerability has been resolved:

nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

The nouveau_dmem_copy_one function ensures that the copy push command is sent to the device firmware but does not track whether it was executed successfully.

In the case of a copy error (e.g., firmware or hardware failure), the copy push command will be sent via the firmware channel, and nouveau_dmem_copy_one will likely report success, leading to the migrate_to_ram function returning a dirty HIGH_USER page to the user.

This can result in a security vulnerability, as a HIGH_USER page that may contain sensitive or corrupted data could be returned to the user.

To prevent this vulnerability, we allocate a zero page. Thus, in case of an error, a non-dirty (zero) page will be returned to the user.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5be73b690875f7eb2d2defb54ccd7f2f12074984 < fd9bb7e996bab9b9049fffe3f3d3b50dee191d27affected
LinuxLinux5be73b690875f7eb2d2defb54ccd7f2f12074984 < 73f75d2b5aee5a735cf64b8ab4543d5c20dbbdd9affected
LinuxLinux5be73b690875f7eb2d2defb54ccd7f2f12074984 < 8c3de9282dde21ce3c1bf1bde3166a4510547aa9affected
LinuxLinux5be73b690875f7eb2d2defb54ccd7f2f12074984 < 614bfb2050982d23d53d0d51c4079dba0437c883affected
LinuxLinux5be73b690875f7eb2d2defb54ccd7f2f12074984 < 697e3ddcf1f8b68bd531fc34eead27c000bdf3e1affected
LinuxLinux5be73b690875f7eb2d2defb54ccd7f2f12074984 < ab4d113b6718b076046018292f821d5aa4b844f8affected
LinuxLinux5be73b690875f7eb2d2defb54ccd7f2f12074984 < 835745a377a4519decd1a36d6b926e369b3033e2affected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.227 <= 5.10.*unaffected
LinuxLinux5.15.168 <= 5.15.*unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.57 <= 6.6.*unaffected
LinuxLinux6.11.4 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References