CVE-2024-36960

UNKNOWN

Published 2024-06-03T07:49:58.951Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-36960. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Fix invalid reads in fence signaled events

Correctly set the length of the drm_event to the size of the structure
that's actually used.

The length of the drm_event was set to the parent structure instead of
to the drm_vmw_event_fence which is supposed to be read. drm_read
uses the length parameter to copy the event to the user space thus
resuling in oob reads.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

8b7de6aa84682a3396544fd88cd457f95484573a 8b7de6aa84682a3396544fd88cd457f95484573a 8b7de6aa84682a3396544fd88cd457f95484573a 8b7de6aa84682a3396544fd88cd457f95484573a 8b7de6aa84682a3396544fd88cd457f95484573a 8b7de6aa84682a3396544fd88cd457f95484573a 8b7de6aa84682a3396544fd88cd457f95484573a 8b7de6aa84682a3396544fd88cd457f95484573a

Linux

Affected Versions:

3.4 0 4.19.314 5.4.276 5.10.217 5.15.159 6.1.91 6.6.31 6.8.10 6.9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-5w4f-cwfr-f344

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads.

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-36960

WEB https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b

WEB https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f

WEB https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36

WEB https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22

WEB https://git.kernel.org/stable/c/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c

WEB https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0

WEB https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9

WEB https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb72428340d72a77

WEB https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

WEB https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Advisory provided by GitHub Security Advisory Database. Published: June 3, 2024, Modified: April 1, 2025

References

https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f

https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9

https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36

https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0

https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b

https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22

https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb72428340d72a77

https://git.kernel.org/stable/c/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c

Published: 2024-06-03T07:49:58.951Z

Last Modified: 2025-05-04T09:12:52.237Z

Copied to clipboard!

CVE-2024-36960

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!