PT-2024-29263 · Linux+5 · Linux Kernel+5
Geert Uytterhoeven +1 · Published 2024-06-17 · Updated 2025-09-29 · CVE-2024-41094
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.23-06226-g4986cc3e1b75-dirty #250
Description
The vulnerability is related to the drm/fbdev-dma module in the Linux kernel. It occurs when `smem_start` is set, which can break systems where DMA memory is backed by vmalloc address space. The issue arises because DMA memory is assumed to be contiguous in physical address space, which is not guaranteed by `vmalloc()`. To resolve this, the module flag `drm_leak_fbdev_smem` should be checked when DRM allocates the instance of `struct fb_info`. The fbdev-dma code then only sets `smem_start` if required, and the framebuffer should not be located in vmalloc address space.
Recommendations
To resolve the issue, check the module flag `drm_leak_fbdev_smem` when DRM allocates the instance of `struct fb_info`. Then, only set `smem_start` if required via `FBINFO_HIDE_SMEM_START`. Also, ensure the framebuffer is not located in vmalloc address space.
As a temporary workaround, consider disabling the `drm_fbdev_dma_helper_fb_probe` function until a patch is available. Restrict access to the `drm_fbdev_dma` module to minimize the risk of exploitation. Avoid using the `smem_start` parameter in the affected kernel versions until the issue is resolved.
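For auditing a host, this added example (not code from the advisory or the kernel tree) is a small user-space check that reads `struct fb_fix_screeninfo` through the standard `FBIOGET_FSCREENINFO` ioctl and reports whether a framebuffer device publishes a nonzero `smem_start`. The default node `/dev/fb0` and the helper names `fb_read_fix` and `fb_smem_start_exposed` are assumptions made for the example.

```c
/* Added example: report whether an fbdev node exposes smem_start to user space. */
#include <fcntl.h>
#include <linux/fb.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Read the fixed screen info of one fbdev node. Returns 0 on success, -1 on error. */
int fb_read_fix(const char *path, struct fb_fix_screeninfo *fix)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    memset(fix, 0, sizeof(*fix));
    int rc = ioctl(fd, FBIOGET_FSCREENINFO, fix);
    close(fd);
    return rc < 0 ? -1 : 0;
}

/* 1 if the driver reported a start address, 0 if it is hidden or was never set. */
int fb_smem_start_exposed(const struct fb_fix_screeninfo *fix)
{
    return fix->smem_start != 0;
}

int main(int argc, char **argv)
{
    /* Assumed default device node; pass another path as the first argument. */
    const char *path = argc > 1 ? argv[1] : "/dev/fb0";
    struct fb_fix_screeninfo fix;

    if (fb_read_fix(path, &fix) != 0) {
        perror(path);
        return 2;
    }
    /* fix.id is a fixed 16-byte field and may lack a terminating NUL. */
    printf("%s: id=%.16s smem_len=%u smem_start=%s\n", path, fix.id, fix.smem_len,
           fb_smem_start_exposed(&fix) ? "exposed" : "hidden/unset");
    return fb_smem_start_exposed(&fix);
}
```

A result of "hidden/unset" is what a framebuffer with `FBINFO_HIDE_SMEM_START` set reports, since the kernel zeroes `smem_start` in the ioctl reply for such devices; the check does not by itself establish whether a kernel carries the fix.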
Affected Products
Alt Linux
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu