CVE-2024-26984

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description The vulnerability is related to a race condition in the nouveau component of the Linux kernel, which can cause a NULL pointer dereference. This issue can occur when running a large number of VK CTS in parallel against nouveau. The problem arises from the nv50 instobj acquire function, where the ptrs pointer is set. If two threads, Thread A and Thread B, reach this function at the same time, and Thread A hits the refcount set line while Thread B succeeds at refcount inc not zero, there is a chance that the ptrs value won't have been stored since refcount set is unordered. To fix this, a memory barrier is added using smp mb to ensure that the write is followed by a read on all CPUs.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.37 or later. This update includes the fix for the nouveau component, which addresses the race condition and prevents the NULL pointer dereference.