CVE-2024-26943 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc() allocation failure The kcalloc() in nouveau_dmem_evict_chunk() will return null if the physical memory has run out. As a result, if we dereference src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs will happen. Moreover, the GPU is going away. If the kcalloc() fails, we could not evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, this patch switches kcalloc() to kvcalloc() in order to avoid failing allocations.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b
https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d
https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee
https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2
https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2
https://lore.kernel.org/linux-cve-announce/2024050125-CVE-2024-26943-9ea5@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26943
https://www.cve.org/CVERecord?id=CVE-2024-26943

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-01T05:18:00.713Z

Updated: 2025-05-04T09:00:20.147Z

Reserved: 2024-02-19T14:20:24.197Z

Link: CVE-2024-26943

Vulnrichment

Updated: 2024-08-02T00:21:05.681Z

NVD

Status : Awaiting Analysis

Published: 2024-05-01T06:15:09.877

Modified: 2024-11-21T09:03:26.737

Link: CVE-2024-26943

Redhat

Severity : Moderate

Publid Date: 2024-05-01T00:00:00Z

Links: CVE-2024-26943 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26943", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.197Z", "datePublished": "2024-05-01T05:18:00.713Z", "dateUpdated": "2025-05-04T09:00:20.147Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:00:20.147Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: handle kcalloc() allocation failure\n\nThe kcalloc() in nouveau_dmem_evict_chunk() will return null if\nthe physical memory has run out. As a result, if we dereference\nsrc_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs\nwill happen.\n\nMoreover, the GPU is going away. If the kcalloc() fails, we could not\nevict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL\nflag in kcalloc().\n\nFinally, as there is no need to have physically contiguous memory,\nthis patch switches kcalloc() to kvcalloc() in order to avoid\nfailing allocations."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/nouveau/nouveau_dmem.c"], "versions": [{"version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "9acfd8b083a0ffbd387566800d89f55058a68af2", "status": "affected", "versionType": "git"}, {"version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "2a84744a037b8a511d6a9055f3defddc28ff4a4d", "status": "affected", "versionType": "git"}, {"version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "5e81773757a95fc298e96cfd6d4700f07b6192a2", "status": "affected", "versionType": "git"}, {"version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee", "status": "affected", "versionType": "git"}, {"version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "16e87fe23d4af6df920406494ced5c0f4354567b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/nouveau/nouveau_dmem.c"], "versions": [{"version": "6.1", "status": "affected"}, {"version": "0", "lessThan": "6.1", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.84"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.6.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.8.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2"}, {"url": "https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d"}, {"url": "https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2"}, {"url": "https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee"}, {"url": "https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b"}], "title": "nouveau/dmem: handle kcalloc() allocation failure", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T14:21:43.677577Z", "id": "CVE-2024-26943", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:21:55.983Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.681Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.681Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26943", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T14:21:43.677577Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:21:52.154Z"}}], "cna": {"title": "nouveau/dmem: handle kcalloc() allocation failure", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "9acfd8b083a0ffbd387566800d89f55058a68af2", "versionType": "git"}, {"status": "affected", "version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "2a84744a037b8a511d6a9055f3defddc28ff4a4d", "versionType": "git"}, {"status": "affected", "version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "5e81773757a95fc298e96cfd6d4700f07b6192a2", "versionType": "git"}, {"status": "affected", "version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee", "versionType": "git"}, {"status": "affected", "version": "249881232e1471d28b68f9a3829acc14d150cf5d", "lessThan": "16e87fe23d4af6df920406494ced5c0f4354567b", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/nouveau/nouveau_dmem.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1"}, {"status": "unaffected", "version": "0", "lessThan": "6.1", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.84", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/nouveau/nouveau_dmem.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2"}, {"url": "https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d"}, {"url": "https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2"}, {"url": "https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee"}, {"url": "https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: handle kcalloc() allocation failure\n\nThe kcalloc() in nouveau_dmem_evict_chunk() will return null if\nthe physical memory has run out. As a result, if we dereference\nsrc_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs\nwill happen.\n\nMoreover, the GPU is going away. If the kcalloc() fails, we could not\nevict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL\nflag in kcalloc().\n\nFinally, as there is no need to have physically contiguous memory,\nthis patch switches kcalloc() to kvcalloc() in order to avoid\nfailing allocations."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.84", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.24", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.12", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.3", "versionStartIncluding": "6.1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "6.1"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:00:20.147Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26943", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:00:20.147Z", "dateReserved": "2024-02-19T14:20:24.197Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T05:18:00.713Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: handle kcalloc() allocation failure\n\nThe kcalloc() in nouveau_dmem_evict_chunk() will return null if\nthe physical memory has run out. As a result, if we dereference\nsrc_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs\nwill happen.\n\nMoreover, the GPU is going away. If the kcalloc() fails, we could not\nevict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL\nflag in kcalloc().\n\nFinally, as there is no need to have physically contiguous memory,\nthis patch switches kcalloc() to kvcalloc() in order to avoid\nfailing allocations."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nouveau/dmem: maneja el error de asignaci\u00f3n de kcalloc() El kcalloc() en nouveau_dmem_evict_chunk() devolver\u00e1 nulo si la memoria f\u00edsica se ha agotado. Como resultado, si eliminamos la referencia a src_pfns, dst_pfns o dma_addrs, se producir\u00e1n errores de desreferenciaci\u00f3n del puntero nulo. Adem\u00e1s, la GPU est\u00e1 desapareciendo. Si kcalloc() falla, no podremos desalojar todas las p\u00e1ginas que asignan un fragmento. Entonces este parche agrega un indicador __GFP_NOFAIL en kcalloc(). Finalmente, como no es necesario tener memoria f\u00edsicamente contigua, este parche cambia kcalloc() a kvcalloc() para evitar asignaciones fallidas."}], "id": "CVE-2024-26943", "lastModified": "2024-11-21T09:03:26.737", "metrics": {}, "published": "2024-05-01T06:15:09.877", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: nouveau/dmem: handle kcalloc() allocation failure", "id": "2278212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278212"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnouveau/dmem: handle kcalloc() allocation failure\nThe kcalloc() in nouveau_dmem_evict_chunk() will return null if\nthe physical memory has run out. As a result, if we dereference\nsrc_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs\nwill happen.\nMoreover, the GPU is going away. If the kcalloc() fails, we could not\nevict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL\nflag in kcalloc().\nFinally, as there is no need to have physically contiguous memory,\nthis patch switches kcalloc() to kvcalloc() in order to avoid\nfailing allocations."], "name": "CVE-2024-26943", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26943\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26943\nhttps://lore.kernel.org/linux-cve-announce/2024050125-CVE-2024-26943-9ea5@gregkh/T"], "threat_severity": "Moderate"}