{"id":"CVE-2024-39497","summary":"drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)\n\nLack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap\nallows users to call mmap with PROT_WRITE and MAP_PRIVATE flag\ncausing a kernel panic due to BUG_ON in vmf_insert_pfn_prot:\nBUG_ON((vma-\u003evm_flags & VM_PFNMAP) && is_cow_mapping(vma-\u003evm_flags));\n\nReturn -EINVAL early if COW mapping is detected.\n\nThis bug affects all drm drivers using default shmem helpers.\nIt can be reproduced by this simple example:\nvoid *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset);\nptr[0] = 0;","modified":"2026-04-02T12:17:03.129614Z","published":"2024-07-12T12:20:32.330Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3383-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39497.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/03c71c42809ef4b17f5d874cdb2d3bf40e847b86"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1b4a8b89bf6787090b56424d269bf84ba00c3263"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2219e5f97244b79c276751a1167615b9714db1b0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/39bc27bd688066a63e56f7f64ad34fae03fbe3b8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3ae63a8c1685e16958560ec08d30defdc5b9cca0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a508a102edf8735adc9bb73d37dd13c38d1a1b10"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39497.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39497"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2194a63a818db71065ebe09c8104f5f021ca4e7b"},{"fixed":"a508a102edf8735adc9bb73d37dd13c38d1a1b10"},{"fixed":"3ae63a8c1685e16958560ec08d30defdc5b9cca0"},{"fixed":"2219e5f97244b79c276751a1167615b9714db1b0"},{"fixed":"1b4a8b89bf6787090b56424d269bf84ba00c3263"},{"fixed":"03c71c42809ef4b17f5d874cdb2d3bf40e847b86"},{"fixed":"39bc27bd688066a63e56f7f64ad34fae03fbe3b8"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39497.json"}}],"schema_version":"1.7.5"}