CVE-2024-43867

MEDIUM

Linux Kernel < 5.4.282 - Integer Underflow

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing ttm_bo) leads to a refcount underflow. Instead of calling nouveau_bo_ref() in the unwind path of drm_gem_object_init(), clean things up manually. (cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)

References (9)

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

[Patch] https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6

[Patch] https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f

[Patch] https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef

[Patch] https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf

[Patch] https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95

[Patch] https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10

[Patch] https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 6.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-191

Status published

Products (8)

linux/Kernel 3.9.0 - 5.4.282linux

linux/Kernel 5.11.0 - 5.15.165linux

linux/Kernel 5.16.0 - 6.1.104linux

linux/Kernel 5.5.0 - 5.10.224linux

linux/Kernel 6.2.0 - 6.6.45linux

linux/Kernel 6.7.0 - 6.10.4linux

linux/linux_kernel 6.11 rc1

linux/linux_kernel 3.9 - 5.4.282

Published Aug 21, 2024

Tracked Since Feb 18, 2026