CVE-2024-53116: Linux kernel security update

A recently discovered vulnerability, CVE-2024-53116, in the Linux kernel has been resolved. The issue was found in drm/panthor and affected the handling of partial GPU mapping of buffer objects (BOs). This update focuses on fixing the bug that caused kernel warnings.

Details

The vulnerability specifically dealt with Panthor incorrectly handling cases where the partial mapping spanned multiple scatterlists and its mapping offset not pointing to the 1st page of the starting scatterlist. The offset variable was not cleared after reaching the starting scatterlist. As a consequence, several warning messages were generated.

The code snippet below demonstrates the problem that has now been resolved

WARNING: CPU: 1 PID: 650 at drivers/iommu/io-pgtable-arm.c:659 __arm_lpae_unmap+x254/x5a
...
pc : __arm_lpae_unmap+x254/x5a
lr : __arm_lpae_unmap+x2cc/x5a
...
Call trace:
 __arm_lpae_unmap+x254/x5a
...
panthor : [drm] drm_WARN_ON(unmapped_sz != pgsize * pgcount)
WARNING: CPU: 1 PID: 650 at drivers/gpu/drm/panthor/panthor_mmu.c:922 panthor_vm_unmap_pages+x124/x1c8 [panthor]
...
pc : panthor_vm_unmap_pages+x124/x1c8 [panthor]
lr : panthor_vm_unmap_pages+x124/x1c8 [panthor]
...
panthor : [drm] *ERROR* failed to unmap range ffffa388f000-ffffa389000 (requested range ffffa388c000-ffffa389000)

To address this issue, one can apply the patch to their Linux kernel, and take appropriate measures for ensuring the safe execution of code.

Original References

This CVE was first reported in the Linux kernel mailing list where the problem was discussed, analyzed, and eventually resolved. The discussions related to this issue can be found at the following locations:

- Linux kernel mailing list (LKML) archive: (https://lkml.org/lkml/2024/6/4/531)
- CVE report on the National Vulnerability Database (NVD): (https://nvd.nist.gov/vuln/detail/CVE-2024-53116)

Exploit Details

Fortunately, this vulnerability has not been exploited in the wild to date. The prompt resolution will better ensure that it doesn't cause any significant damage. However, it is crucial to apply the necessary patches and updates to prevent any potential threats in the future.

Conclusion

Keeping your systems up-to-date is a crucial and effective way to protect against exploits. Applying this security update and patch can help protect your systems from future threats related to this vulnerability (CVE-2024-53116). Don't forget to monitor security patch releases and stay informed about the latest threats.

Timeline

Published on: 12/02/2024 14:15:12 UTC
Last modified on: 12/19/2024 09:39:33 UTC