Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / rejected / 2024 / CVE-2024-36885.json
blob: 8d004c4006dc4ac8c4c5076c2866156047cdcdc0 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n kernel BUG at include/linux/scatterlist.h:187!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n RIP: 0010:sg_init_one+0x85/0xa0\n Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n 24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n 0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n FS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n Call Trace:\n <TASK>\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n ? srso_return_thunk+0x5/0x5f\n nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n nvkm_subdev_init_+0x39/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n nvkm_subdev_init+0x44/0x90 [nouveau]\n nvkm_device_init+0x166/0x2e0 [nouveau]\n nvkm_udevice_init+0x47/0x70 [nouveau]\n nvkm_object_init+0x41/0x1c0 [nouveau]\n nvkm_ioctl_new+0x16a/0x290 [nouveau]\n ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n nvkm_ioctl+0x126/0x290 [nouveau]\n nvif_object_ctor+0x112/0x190 [nouveau]\n nvif_device_ctor+0x23/0x60 [nouveau]\n nouveau_cli_init+0x164/0x640 [nouveau]\n nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? pci_update_current_state+0x72/0xb0\n ? srso_return_thunk+0x5/0x5f\n nouveau_drm_probe+0x12c/0x280 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n local_pci_probe+0x45/0xa0\n pci_device_probe+0xc7/0x270\n really_probe+0xe6/0x3a0\n __driver_probe_device+0x87/0x160\n driver_probe_device+0x1f/0xc0\n __driver_attach+0xec/0x1f0\n ? __pfx___driver_attach+0x10/0x10\n bus_for_each_dev+0x88/0xd0\n bus_add_driver+0x116/0x220\n driver_register+0x59/0x100\n ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n do_one_initcall+0x5b/0x320\n do_init_module+0x60/0x250\n init_module_from_file+0x86/0xc0\n idempotent_init_module+0x120/0x2b0\n __x64_sys_finit_module+0x5e/0xb0\n do_syscall_64+0x83/0x160\n ? srso_return_thunk+0x5/0x5f\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7feeb5cc20cd\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\n ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---"
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/gpu/drm/nouveau/nvkm/core/firmware.c"
],
"versions": [
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "1a88c18da464db0ba8ea25196d0a06490f65322e",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "e05af009302893f39b072811a68fa4a196284c75",
"status": "affected",
"versionType": "git"
},
{
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"lessThan": "52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/gpu/drm/nouveau/nvkm/core/firmware.c"
],
"versions": [
{
"version": "6.6.31",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.8.10",
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.9",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e"
},
{
"url": "https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75"
},
{
"url": "https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2"
}
],
"title": "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-36885",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}