CVE-2024-36885

CVE Details

Release Date:

2024-05-30

Description

In the Linux kernel, the following vulnerability has been resolved:\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n\n? die+0x36/0x90\n? do_trap+0xdd/0x100\n? sg_init_one+0x85/0xa0\n? do_error_trap+0x65/0x80\n? sg_init_one+0x85/0xa0\n? exc_invalid_op+0x50/0x70\n? sg_init_one+0x85/0xa0\n? asm_exc_invalid_op+0x1a/0x20\n? sg_init_one+0x85/0xa0\nnvkm_firmware_ctor+0x14a/0x250 [nouveau]\nnvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\nga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\nr535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n? srso_return_thunk+0x5/0x5f\n? srso_return_thunk+0x5/0x5f\n? nvkm_udevice_new+0x95/0x140 [nouveau]\n? srso_return_thunk+0x5/0x5f\n? srso_return_thunk+0x5/0x5f\n? ktime_get+0x47/0xb0\n? srso_return_thunk+0x5/0x5f\nnvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\nnvkm_subdev_init_+0x39/0x140 [nouveau]\n? srso_return_thunk+0x5/0x5f\nnvkm_subdev_init+0x44/0x90 [nouveau]\nnvkm_device_init+0x166/0x2e0 [nouveau]\nnvkm_udevice_init+0x47/0x70 [nouveau]\nnvkm_object_init+0x41/0x1c0 [nouveau]\nnvkm_ioctl_new+0x16a/0x290 [nouveau]\n? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\nnvkm_ioctl+0x126/0x290 [nouveau]\nnvif_object_ctor+0x112/0x190 [nouveau]\nnvif_device_ctor+0x23/0x60 [nouveau]\nnouveau_cli_init+0x164/0x640 [nouveau]\nnouveau_drm_device_init+0x97/0x9e0 [nouveau]\n? srso_return_thunk+0x5/0x5f\n? pci_update_current_state+0x72/0xb0\n? srso_return_thunk+0x5/0x5f\nnouveau_drm_probe+0x12c/0x280 [nouveau]\n? srso_return_thunk+0x5/0x5f\nlocal_pci_probe+0x45/0xa0\npci_device_probe+0xc7/0x270\nreally_probe+0xe6/0x3a0\n__driver_probe_device+0x87/0x160\ndriver_probe_device+0x1f/0xc0\n__driver_attach+0xec/0x1f0\n? __pfx___driver_attach+0x10/0x10\nbus_for_each_dev+0x88/0xd0\nbus_add_driver+0x116/0x220\ndriver_register+0x59/0x100\n? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\ndo_one_initcall+0x5b/0x320\ndo_init_module+0x60/0x250\ninit_module_from_file+0x86/0xc0\nidempotent_init_module+0x120/0x2b0\n__x64_sys_finit_module+0x5e/0xb0\ndo_syscall_64+0x83/0x160\n? srso_return_thunk+0x5/0x5f\nentry_SYSCALL_64_after_hwframe+0x71/0x79\nRIP: 0033:0x7feeb5cc20cd\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0\nff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\nRAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\nRDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\nRBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\nR10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---

See more information about CVE-2024-36885 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.4	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	High	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 9 (kernel)	ELSA-2024-9315	2024-11-14