CVE-2024-46710 Information

Description

In the Linux kernel the following vulnerability has been resolved:

drm/vmwgfx: Prevent unmapping active read buffers

The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer \ mapped for update b) buffer \ mapped for compare c) do the compare d) unmap \ for compare e) update the cursor f) unmap \ for update At step \ the buffer has been unmapped and the read contents is bogus.

Prevent unmapping of active read buffers by simply keeping a count of how many paths have currently active maps and unmap only when the count reaches 0.

Reference

https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea