{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26984","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.204Z","datePublished":"2024-05-01T05:27:20.506Z","dateUpdated":"2026-05-11T20:08:09.697Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:08:09.697Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: fix instmem race condition around ptr stores\n\nRunning a lot of VK CTS in parallel against nouveau, once every\nfew hours you might see something like this crash.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nPGD 8000000114e6e067 P4D 8000000114e6e067 PUD 109046067 PMD 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 7 PID: 53891 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27\nHardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021\nRIP: 0010:gp100_vmm_pgt_mem+0xe3/0x180 [nouveau]\nCode: c7 48 01 c8 49 89 45 58 85 d2 0f 84 95 00 00 00 41 0f b7 46 12 49 8b 7e 08 89 da 42 8d 2c f8 48 8b 47 08 41 83 c7 01 48 89 ee <48> 8b 40 08 ff d0 0f 1f 00 49 8b 7e 08 48 89 d9 48 8d 75 04 48 c1\nRSP: 0000:ffffac20c5857838 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: 00000000004d8001 RCX: 0000000000000001\nRDX: 00000000004d8001 RSI: 00000000000006d8 RDI: ffffa07afe332180\nRBP: 00000000000006d8 R08: ffffac20c5857ad0 R09: 0000000000ffff10\nR10: 0000000000000001 R11: ffffa07af27e2de0 R12: 000000000000001c\nR13: ffffac20c5857ad0 R14: ffffa07a96fe9040 R15: 000000000000001c\nFS:  00007fe395eed7c0(0000) GS:ffffa07e2c980000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 000000011febe001 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\n...\n\n ? gp100_vmm_pgt_mem+0xe3/0x180 [nouveau]\n ? gp100_vmm_pgt_mem+0x37/0x180 [nouveau]\n nvkm_vmm_iter+0x351/0xa20 [nouveau]\n ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau]\n ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]\n ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]\n ? __lock_acquire+0x3ed/0x2170\n ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]\n nvkm_vmm_ptes_get_map+0xc2/0x100 [nouveau]\n ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau]\n ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]\n nvkm_vmm_map_locked+0x224/0x3a0 [nouveau]\n\nAdding any sort of useful debug usually makes it go away, so I hand\nwrote the function in a line, and debugged the asm.\n\nEvery so often pt->memory->ptrs is NULL. This ptrs ptr is set in\nthe nv50_instobj_acquire called from nvkm_kmap.\n\nIf Thread A and Thread B both get to nv50_instobj_acquire around\nthe same time, and Thread A hits the refcount_set line, and in\nlockstep thread B succeeds at refcount_inc_not_zero, there is a\nchance the ptrs value won't have been stored since refcount_set\nis unordered. Force a memory barrier here, I picked smp_mb, since\nwe want it on all CPUs and it's write followed by a read.\n\nv2: use paired smp_rmb/smp_wmb."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c"],"versions":[{"version":"be55287aa5ba6895e9d4d3ed2f08a1be7a065957","lessThan":"bba8ec5e9b16649d85bc9e9086bf7ae5b5716ff9","status":"affected","versionType":"git"},{"version":"be55287aa5ba6895e9d4d3ed2f08a1be7a065957","lessThan":"1bc4825d4c3ec6abe43cf06c3c39d664d044cbf7","status":"affected","versionType":"git"},{"version":"be55287aa5ba6895e9d4d3ed2f08a1be7a065957","lessThan":"13d76b2f443dc371842916dd8768009ff1594716","status":"affected","versionType":"git"},{"version":"be55287aa5ba6895e9d4d3ed2f08a1be7a065957","lessThan":"3ab056814cd8ab84744c9a19ef51360b2271c572","status":"affected","versionType":"git"},{"version":"be55287aa5ba6895e9d4d3ed2f08a1be7a065957","lessThan":"ad74d208f213c06d860916ad40f609ade8c13039","status":"affected","versionType":"git"},{"version":"be55287aa5ba6895e9d4d3ed2f08a1be7a065957","lessThan":"a019b44b1bc6ed224c46fb5f88a8a10dd116e525","status":"affected","versionType":"git"},{"version":"be55287aa5ba6895e9d4d3ed2f08a1be7a065957","lessThan":"21ca9539f09360fd83654f78f2c361f2f5ddcb52","status":"affected","versionType":"git"},{"version":"be55287aa5ba6895e9d4d3ed2f08a1be7a065957","lessThan":"fff1386cc889d8fb4089d285f883f8cba62d82ce","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"4.19.313","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.275","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.216","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.157","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.88","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.29","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.8","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.313"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.4.275"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.216"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.157"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.1.88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.6.29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.8.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/bba8ec5e9b16649d85bc9e9086bf7ae5b5716ff9"},{"url":"https://git.kernel.org/stable/c/1bc4825d4c3ec6abe43cf06c3c39d664d044cbf7"},{"url":"https://git.kernel.org/stable/c/13d76b2f443dc371842916dd8768009ff1594716"},{"url":"https://git.kernel.org/stable/c/3ab056814cd8ab84744c9a19ef51360b2271c572"},{"url":"https://git.kernel.org/stable/c/ad74d208f213c06d860916ad40f609ade8c13039"},{"url":"https://git.kernel.org/stable/c/a019b44b1bc6ed224c46fb5f88a8a10dd116e525"},{"url":"https://git.kernel.org/stable/c/21ca9539f09360fd83654f78f2c361f2f5ddcb52"},{"url":"https://git.kernel.org/stable/c/fff1386cc889d8fb4089d285f883f8cba62d82ce"}],"title":"nouveau: fix instmem race condition around ptr stores","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-362","lang":"en","description":"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}],"affected":[{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"be55287aa5ba","status":"affected","lessThan":"bba8ec5e9b16","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"be55287aa5ba","status":"affected","lessThan":"1bc4825d4c3e","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"be55287aa5ba","status":"affected","lessThan":"13d76b2f443d","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"be55287aa5ba","status":"affected","lessThan":"3ab056814cd8","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"be55287aa5ba","status":"affected","lessThan":"ad74d208f213","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"be55287aa5ba","status":"affected","lessThan":"a019b44b1bc6","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"be55287aa5ba","status":"affected","lessThan":"21ca9539f093","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"be55287aa5ba","status":"affected","lessThan":"fff1386cc889","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.19.313","status":"unaffected","lessThan":"4.20","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.4.275","status":"unaffected","lessThan":"5.5","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.15.157","status":"unaffected","lessThan":"5.16","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.1.88","status":"unaffected","lessThan":"6.2","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.6.29","status":"unaffected","lessThan":"6.7","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.8.8","status":"unaffected","lessThan":"6.9","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.9","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"unaffected","lessThan":"4.15","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.15","status":"affected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"5.10.216","status":"unaffected","lessThan":"5.11","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-02-05T20:59:23.585345Z","id":"CVE-2024-26984","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-05T20:59:40.867Z"}},{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/bba8ec5e9b16649d85bc9e9086bf7ae5b5716ff9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1bc4825d4c3ec6abe43cf06c3c39d664d044cbf7","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/13d76b2f443dc371842916dd8768009ff1594716","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3ab056814cd8ab84744c9a19ef51360b2271c572","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ad74d208f213c06d860916ad40f609ade8c13039","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a019b44b1bc6ed224c46fb5f88a8a10dd116e525","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/21ca9539f09360fd83654f78f2c361f2f5ddcb52","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fff1386cc889d8fb4089d285f883f8cba62d82ce","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T17:15:10.866Z"}}]},"dataVersion":"5.2"}