CVE-2024-46710

drm/vmwgfx: Prevent unmapping active read buffers

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compare e) update the cursor f) unmap "a" for update At step "e" the buffer has been unmapped and the read contents is bogus. Prevent unmapping of active read buffers by simply keeping a count of how many paths have currently active maps and unmap only when the count reaches 0.

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5
https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0
https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e patch
https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea patch

Frequently Asked Questions

What is the severity of CVE-2024-46710?
CVE-2024-46710 has been scored as a medium severity vulnerability.
How to fix CVE-2024-46710?
To fix CVE-2024-46710, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-46710 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-46710 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-46710?
CVE-2024-46710 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.