CVE-2024-35951 in Linux

Summary

by MITRE • 05/20/2024

In the Linux kernel, the following vulnerability has been resolved:

drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()

Subject: [PATCH] drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()

If some of the pages or sgt allocation failed, we shouldn't release the pages ref we got earlier, otherwise we will end up with unbalanced get/put_pages() calls. We should instead leave everything in place and let the BO release function deal with extra cleanup when the object is destroyed, or let the fault handler try again next time it's called.


Analysis

by VulDB Data Team • 09/24/2025

The vulnerability identified as CVE-2024-35951 affects the Linux kernel's panfrost driver, which is responsible for managing graphics processing units in embedded systems and mobile devices. This issue resides within the drm/panfrost subsystem and specifically targets the panfrost_mmu_map_fault_addr() function that handles memory management unit fault addressing operations. The panfrost driver is part of the broader Direct Rendering Manager framework that provides graphics acceleration for various hardware platforms. When memory allocation fails during fault handling operations, the driver encounters a critical resource management error that can lead to system instability and potential security implications.

The technical flaw manifests in improper error handling within the memory management unit fault path. During the execution of panfrost_mmu_map_fault_addr(), when page or scatter-gather table allocations fail, the driver incorrectly releases previously acquired page references. This creates an imbalance in the get/put_pages() reference counting mechanism that is fundamental to Linux kernel memory management. The improper cleanup results in a resource leak where pages that should remain allocated are prematurely freed, leading to inconsistent memory state and potential double-free conditions. This type of error path handling issue falls under CWE-459, which describes incomplete cleanup vulnerabilities where resources are not properly released. The flaw represents a classic case of resource management failure that can be exploited to cause system crashes or potentially enable privilege escalation attacks.

The operational impact of this vulnerability extends beyond simple system instability to potentially compromise the integrity of graphics processing operations within embedded systems. When fault handling fails due to the improper get/put_pages() call imbalance, it can cause the graphics subsystem to become unresponsive or crash entirely, affecting applications that rely on GPU acceleration. The vulnerability affects systems using panfrost-compatible hardware, particularly those in mobile devices, embedded systems, and IoT platforms where graphics processing is critical for user experience. Attackers could potentially exploit this condition to cause denial of service attacks against systems running affected kernel versions, or in more sophisticated scenarios, leverage the memory corruption to gain unauthorized access to system resources. The issue is particularly concerning in automotive, industrial control, and mobile computing environments where reliable graphics processing is essential for system operation.

Mitigation strategies for CVE-2024-35951 involve applying the official kernel patch that corrects the error handling logic within the panfrost_mmu_map_fault_addr() function. The fix ensures that when memory allocation failures occur, the driver preserves the existing page references rather than prematurely releasing them, allowing the normal cleanup processes to handle resource deallocation properly. System administrators should prioritize updating to kernel versions that include this patch, particularly those containing the drm/panfrost driver with the corrected implementation. Organizations running embedded systems or mobile platforms that utilize panfrost graphics acceleration should implement comprehensive testing procedures to validate the patch deployment without introducing regressions in graphics functionality. Additionally, monitoring systems should be configured to detect unusual graphics subsystem behavior that might indicate exploitation attempts. The vulnerability aligns with ATT&CK technique T1059, which involves system compromise through exploitation of kernel vulnerabilities, and represents a critical security concern for embedded and mobile device manufacturers who rely on Linux kernel graphics drivers for their products.
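The get/put_pages() imbalance and the corrected error path described above, as an added example: a userspace C model, not the kernel driver's code or the upstream patch. It assumes the fault handler takes one pages ref on its first call and the BO release function drops it once; `model_bo`, `map_fault` and `run_scenario` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model only; names are hypothetical, not the driver's own. */
struct model_bo {
    int pages_refs;       /* get_pages() minus put_pages() calls */
    int bad_puts;         /* put_pages() calls with no matching get */
    int refs_after_fail;  /* snapshot taken right after the failed fault */
    bool populated;       /* fault handler holds its pages ref */
};

static void put_pages(struct model_bo *bo)
{
    if (bo->pages_refs == 0)
        bo->bad_puts++;   /* unbalanced: nothing left to drop */
    else
        bo->pages_refs--; /* reaching 0 frees the backing pages */
}

/* Fault handler model; alloc_ok = this fault's page/sgt allocation works. */
static int map_fault(struct model_bo *bo, bool alloc_ok, bool fixed)
{
    if (!bo->populated) { /* first fault takes the pages ref */
        bo->pages_refs++;
        bo->populated = true;
    }
    if (!alloc_ok && !fixed)
        put_pages(bo);    /* pre-fix: drops the ref taken earlier */
    return alloc_ok ? 0 : -1; /* fixed: state left for release or retry */
}

/* One good fault, one failed fault, then the BO is destroyed. */
static struct model_bo run_scenario(bool fixed)
{
    struct model_bo bo = {0};
    map_fault(&bo, true, fixed);
    map_fault(&bo, false, fixed);
    bo.refs_after_fail = bo.pages_refs;
    put_pages(&bo);       /* BO release drops the handler's ref */
    return bo;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        struct model_bo r = run_scenario(fixed);
        printf("fixed=%d refs=%d bad_puts=%d\n", fixed, r.refs_after_fail, r.bad_puts);
    }
    return 0;
}
```

In the pre-fix run the count reaches zero while the object is still alive and the release then issues a put with no matching get; in the fixed run the single ref survives the failed fault and is dropped exactly once.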

Reservation: 05/17/2024

Disclosure: 05/20/2024

Moderation: accepted

CPE: ready

EPSS: 0.00237

KEV: no

Activities: very low
