CVE-2024-27062

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc6+

Description The vulnerability is related to the nouveau driver in the Linux kernel. It appears that the client object tree has no locking, which can cause races around adding or removing client objects, mostly related to vram bar mappings. This can lead to a general protection fault. The issue is resolved by locking the client object tree.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability. Specifically, update to a version later than 6.8.0-rc6+. As a temporary workaround, consider disabling the nvkm object search function until a patch is available. Restrict access to the vulnerable module nouveau to minimize the risk of exploitation. Avoid using the nvif object map handle and nouveau ttm io mem reserve functions in the affected API endpoints until the issue is resolved.