PT-2024-33928 · Linux+7 · Linux Kernel+7
Gal Shalom +1 · Published 2024-10-25 · Updated 2025-10-03
CVE-2024-50096
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A security issue has been identified in the nouveau/dmem component of the Linux kernel. The nouveau_dmem_copy_one function does not track whether the copy push command is executed successfully. If the copy fails, for example because of a firmware or hardware failure, a dirty HIGH_USER page that may contain sensitive or corrupted data can be returned to the user. To mitigate this, a zero page is allocated so that a non-dirty page is returned in case of an error.
Recommendations:
To prevent this vulnerability, allocate a zero page to ensure that in case of an error, a non-dirty (zero) page will be returned to the user.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
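The failure mode and the zero-page mitigation described above, as an added user-space model (not the kernel's code and not part of the original advisory). The names alloc_page_model, copy_one_model, migrate_to_ram_model and stale_bytes are hypothetical, and the page contents are constructed sample data.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 4096

/* One recycled page frame: models memory whose previous owner left data behind. */
static unsigned char frame[PAGE_SZ];

/* Model allocator: hands out the frame as-is, or zeroed when asked (the "zero page"). */
static unsigned char *alloc_page_model(bool zero)
{
    if (zero)
        memset(frame, 0, PAGE_SZ);
    return frame;
}

/* Model of an untracked device copy: reports success even if nothing was written. */
static int copy_one_model(unsigned char *dst, const unsigned char *src, bool device_ok)
{
    if (device_ok)
        memcpy(dst, src, PAGE_SZ);
    return 0; /* a device-side failure is invisible to the caller */
}

/* Migrate one device page back to RAM; returns the page handed to the user. */
static unsigned char *migrate_to_ram_model(const unsigned char *dev, bool zero, bool device_ok)
{
    unsigned char *dpage = alloc_page_model(zero);
    return copy_one_model(dpage, dev, device_ok) ? NULL : dpage;
}

/* Count bytes of the previous owner's data visible in the returned page. */
static size_t stale_bytes(bool zero, bool device_ok)
{
    unsigned char dev[PAGE_SZ];
    memset(dev, 0x11, sizeof dev);  /* constructed device-page contents */
    memset(frame, 0xAA, PAGE_SZ);   /* constructed leftover data in the frame */
    unsigned char *p = migrate_to_ram_model(dev, zero, device_ok);
    size_t n = 0;
    for (size_t i = 0; p && i < PAGE_SZ; i++)
        n += (p[i] == 0xAA);
    return n;
}

int main(void)
{
    printf("copy failed: unzeroed=%zu zeroed=%zu stale bytes\n", stale_bytes(false, false), stale_bytes(true, false));
    return 0;
}
```

Zeroing at allocation does not make the failed copy detectable; it only guarantees that the page the user receives holds no earlier contents.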
Exploit
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu