[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2024-26984":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":25,"related":26,"reserved_at":9,"published_at":27,"modified_at":28,"state":9,"summary":29,"references_raw":31,"kevs":38,"epss":9,"epss_history":39,"metrics":40,"affected":47},"DEBIAN-CVE-2024-26984","In the Linux kernel, the following vulnerability has been resolved:  nouveau: fix instmem race condition around ptr stores  Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash.  BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 8000000114e6e067 P4D 8000000114e6e067 PUD 109046067 PMD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 7 PID: 53891 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27 Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021 RIP: 0010:gp100_vmm_pgt_mem+0xe3/0x180 [nouveau] Code: c7 48 01 c8 49 89 45 58 85 d2 0f 84 95 00 00 00 41 0f b7 46 12 49 8b 7e 08 89 da 42 8d 2c f8 48 8b 47 08 41 83 c7 01 48 89 ee \u003C48> 8b 40 08 ff d0 0f 1f 00 49 8b 7e 08 48 89 d9 48 8d 75 04 48 c1 RSP: 0000:ffffac20c5857838 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 00000000004d8001 RCX: 0000000000000001 RDX: 00000000004d8001 RSI: 00000000000006d8 RDI: ffffa07afe332180 RBP: 00000000000006d8 R08: ffffac20c5857ad0 R09: 0000000000ffff10 R10: 0000000000000001 R11: ffffa07af27e2de0 R12: 000000000000001c R13: ffffac20c5857ad0 R14: ffffa07a96fe9040 R15: 000000000000001c FS:  00007fe395eed7c0(0000) GS:ffffa07e2c980000(0000) knlGS:0000000000000000 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000011febe001 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace:  ...   ? gp100_vmm_pgt_mem+0xe3/0x180 [nouveau]  ? gp100_vmm_pgt_mem+0x37/0x180 [nouveau]  nvkm_vmm_iter+0x351/0xa20 [nouveau]  ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau]  ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]  ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]  ? __lock_acquire+0x3ed/0x2170  ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]  nvkm_vmm_ptes_get_map+0xc2/0x100 [nouveau]  ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau]  ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau]  nvkm_vmm_map_locked+0x224/0x3a0 [nouveau]  Adding any sort of useful debug usually makes it go away, so I hand wrote the function in a line, and debugged the asm.  Every so often pt->memory->ptrs is NULL. This ptrs ptr is set in the nv50_instobj_acquire called from nvkm_kmap.  If Thread A and Thread B both get to nv50_instobj_acquire around the same time, and Thread A hits the refcount_set line, and in lockstep thread B succeeds at refcount_inc_not_zero, there is a chance the ptrs value won't have been stored since refcount_set is unordered. Force a memory barrier here, I picked smp_mb, since we want it on all CPUs and it's write followed by a read.  v2: use paired smp_rmb/smp_wmb.",null,[],[],[],[14],{"_key":15},"CVE-2024-26984",[17,19,21,23],{"_key":18},"DLA-3840-1",{"_key":20},"DLA-3842-1",{"_key":22},"DSA-5680-1",{"_key":24},"DSA-5681-1",[],[],"2024-05-01T06:15:15.880Z","2026-04-28T20:27:46.052780Z",{"cisa_kev":30,"cisa_ransomware":30,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[32],{"url":33,"sources":34,"tags":36},"https://security-tracker.debian.org/tracker/CVE-2024-26984",[35],"osv_debian",[37],"Advisory",[],[],[41],{"source":35,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":42,"cvss_v4_0":9},{"baseScore":43,"baseSeverity":9,"vectorString":44,"impactScore":45,"exploitabilityScore":46},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[48],{"ecosystem":49,"name":50,"vendor":51,"product":50,"cpe_part":9,"purl_type":52,"purl_namespace":51,"purl_name":50,"source":9,"versions":53},"Debian","linux","debian","deb",[54,60,63,66],{"version":55,"is_range":56,"range_type":57,"version_start":9,"version_start_type":9,"version_end":58,"version_end_type":59,"fixed_in":9},"lt5_10_216_1",true,"ecosystem","5.10.216-1","excluding",{"version":61,"is_range":56,"range_type":57,"version_start":9,"version_start_type":9,"version_end":62,"version_end_type":59,"fixed_in":9},"lt6_1_90_1","6.1.90-1",{"version":64,"is_range":56,"range_type":57,"version_start":9,"version_start_type":9,"version_end":65,"version_end_type":59,"fixed_in":9},"lt6_8_9_1","6.8.9-1",{"version":64,"is_range":56,"range_type":57,"version_start":9,"version_start_type":9,"version_end":65,"version_end_type":59,"fixed_in":9}]