CVE & CISA-KEV Catalog

CVE-2024-46712

MEDIUM
5.5
CVSS v3
NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them using accelerated apis. Without 3d the entire content of dumb buffers stays in the guest making all of the extra work they're doing to synchronize between guest and host useless. Configurations without 3d also tend to run with very low graphics memory limits. The pinned console fb, mob cursors and graphical login manager tend to run out of 16MB graphics memory that those guests use. Fix it by making sure the coherent dumb buffers are only used on configs with 3d enabled.

How to fix

Remediation Available
linuxDebian
Fixed in:6.10.9-1CVE-2024-46712
Fixed in:6.10.9-1CVE-2024-46712

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.18%probability of exploitation in 30 days
7thpercentile

Low risk: more likely to be exploited than 7% of all known CVEs.

References

Embed a live status badge for CVE-2024-46712
CVE-2024-46712 severity badge

Markdown

[![CVE-2024-46712](https://tridentstack.com/cve/badge/CVE-2024-46712.svg)](https://tridentstack.com/cve/CVE-2024-46712)

HTML

<a href="https://tridentstack.com/cve/CVE-2024-46712"><img src="https://tridentstack.com/cve/badge/CVE-2024-46712.svg" alt="CVE-2024-46712"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-09-19.