CVE-2024-26979 in Linuxinfo

Summary

by MITRE • 05/01/2024

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

vmw_context_cotable can return either an error or a null pointer and its usage sometimes went unchecked. Subsequent code would then try to access either a null pointer or an error value.

The invalid dereferences were only possible with malformed userspace apps which never properly initialized the rendering contexts.

Check the results of vmw_context_cotable to fix the invalid derefs.

Thanks: ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab who was the first person to discover it. Niels De Graef who reported it and helped to track down the poc.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Sources

Do you know our Splunk app?

Download it now for free!