CVE-2024-35916 : In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fi

In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fix NULL pointer dereference in sanitycheck() If due to a memory allocation failure mock_chain() returns NULL, it is passed to dma_fence_enable_sw_signaling() resulting in NULL pointer dereference there. Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Published 2024-05-19 08:35:09

Updated 2025-04-04 14:24:30

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2024-35916

Linux » Linux Kernel
Versions from including (>=) 6.1 and before (<) 6.1.85
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.2 and before (<) 6.6.26
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 6.7 and before (<) 6.8.5
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 6.9 Update RC1
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-35916

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 45 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-35916

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	3.9	1.4	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-11-07
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2024-35916

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2024-35916

https://git.kernel.org/stable/c/eabf131cba1db12005a68378305f13b9090a7a6b

dma-buf: Fix NULL pointer dereference in sanitycheck() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/0336995512cdab0c65e99e4cdd47c4606debe14e

dma-buf: Fix NULL pointer dereference in sanitycheck() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/2295bd846765c766701e666ed2e4b35396be25e6

dma-buf: Fix NULL pointer dereference in sanitycheck() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/156c226cbbdcf5f3bce7b2408a33b59fab7fae2c

dma-buf: Fix NULL pointer dereference in sanitycheck() - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2024-35916

Products affected by CVE-2024-35916

Exploit prediction scoring system (EPSS) score for CVE-2024-35916

CVSS scores for CVE-2024-35916

CWE ids for CVE-2024-35916

References for CVE-2024-35916