What is the severity of CVE-2024-26943?

CVE-2024-26943 is classified as a high severity vulnerability due to the potential for dereferencing null pointers leading to crashes or undefined behavior.

How do I fix CVE-2024-26943?

To fix CVE-2024-26943, update your Linux kernel to one of the patched versions: 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.119-1, or 6.12.10-1.

What software is affected by CVE-2024-26943?

CVE-2024-26943 affects the Linux kernel versions prior to those mentioned in the fixed versions, notably in Debian packages.

What are the consequences of not addressing CVE-2024-26943?

If CVE-2024-26943 is not addressed, systems may experience stability issues or crashes due to null pointer dereferencing.

Is CVE-2024-26943 under active exploit?

As of the latest information, there are no confirmed active exploits for CVE-2024-26943, but it is recommended to apply patches to mitigate potential risks.

Vulnerability/
CVE-2024-26943

CWE

476

1/5/2024

19/12/2024

CVE-2024-26943: nouveau/dmem: handle kcalloc() allocation failure

First published: Wed May 01 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc() allocation failure The kcalloc() in nouveau_dmem_evict_chunk() will return null if the physical memory has run out. As a result, if we dereference src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs will happen. Moreover, the GPU is going away. If the kcalloc() fails, we could not evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, this patch switches kcalloc() to kvcalloc() in order to avoid failing allocations.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
debian/linux		5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1

Remedy

https://git.kernel.org/linus/249881232e1471d28b68f9a3829acc14d150cf5d

Remedy

https://git.kernel.org/linus/16e87fe23d4af6df920406494ced5c0f4354567b

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-26943?
CVE-2024-26943 is classified as a high severity vulnerability due to the potential for dereferencing null pointers leading to crashes or undefined behavior.
How do I fix CVE-2024-26943?
To fix CVE-2024-26943, update your Linux kernel to one of the patched versions: 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.119-1, or 6.12.10-1.
What software is affected by CVE-2024-26943?
CVE-2024-26943 affects the Linux kernel versions prior to those mentioned in the fixed versions, notably in Debian packages.
What are the consequences of not addressing CVE-2024-26943?
If CVE-2024-26943 is not addressed, systems may experience stability issues or crashes due to null pointer dereferencing.
Is CVE-2024-26943 under active exploit?
As of the latest information, there are no confirmed active exploits for CVE-2024-26943, but it is recommended to apply patches to mitigate potential risks.

agent/weakness
agent/title
agent/severity
agent/type
collector/nvd-api
source/NVD
agent/remedy
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/usn-cve
source/Ubuntu
collector/nvd-cve
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/description
agent/event
agent/trending
agent/tags
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/softwarecombine
agent/source
package-manager/debian

Frequently Asked Questions

What is the severity of CVE-2024-26943?
CVE-2024-26943 is classified as a high severity vulnerability due to the potential for dereferencing null pointers leading to crashes or undefined behavior.
How do I fix CVE-2024-26943?
To fix CVE-2024-26943, update your Linux kernel to one of the patched versions: 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.119-1, or 6.12.10-1.
What software is affected by CVE-2024-26943?
CVE-2024-26943 affects the Linux kernel versions prior to those mentioned in the fixed versions, notably in Debian packages.
What are the consequences of not addressing CVE-2024-26943?
If CVE-2024-26943 is not addressed, systems may experience stability issues or crashes due to null pointer dereferencing.
Is CVE-2024-26943 under active exploit?
As of the latest information, there are no confirmed active exploits for CVE-2024-26943, but it is recommended to apply patches to mitigate potential risks.

CVE-2024-26943: nouveau/dmem: handle kcalloc() allocation failure

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-26943?

How do I fix CVE-2024-26943?

What software is affected by CVE-2024-26943?

What are the consequences of not addressing CVE-2024-26943?

Is CVE-2024-26943 under active exploit?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-26943?

How do I fix CVE-2024-26943?

What software is affected by CVE-2024-26943?

What are the consequences of not addressing CVE-2024-26943?

Is CVE-2024-26943 under active exploit?