Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy errorThe `nouveau_dmem_copy_one` function ensures that the copy push command issent to the device firmware but does not track whether it was executedsuccessfully.In the case of a copy error (e.g., firmware or hardware failure), thecopy push command will be sent via the firmware channel, and`nouveau_dmem_copy_one` will likely report success, leading to the`migrate_to_ram` function returning a dirty HIGH_USER page to the user.This can result in a security vulnerability, as a HIGH_USER page that maycontain sensitive or corrupted data could be returned to the user.To prevent this vulnerability, we allocate a zero page. Thus, in case ofan error, a non-dirty (zero) page will be returned to the user.
No PoCs from references.
- https://github.com/w4zu/Debian_security