
CVE-2024-45012: Vulnerability in Linux Linux

High
Published: Wed Sep 11 2024 (09/11/2024, 15:13:49 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

nouveau/firmware: use dma non-coherent allocator

Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup, when the iommu is enabled:

    kernel BUG at include/linux/scatterlist.h:187!
    invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
    CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30
    Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019
    RIP: 0010:sg_init_one+0x85/0xa0
    Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54 24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b 0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00
    RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b
    RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000
    RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000
    R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508
    R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018
    FS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0
    Call Trace:
    <TASK>
    ? die+0x36/0x90
    ? do_trap+0xdd/0x100
    ? sg_init_one+0x85/0xa0
    ? do_error_trap+0x65/0x80
    ? sg_init_one+0x85/0xa0
    ? exc_invalid_op+0x50/0x70
    ? sg_init_one+0x85/0xa0
    ? asm_exc_invalid_op+0x1a/0x20
    ? sg_init_one+0x85/0xa0
    nvkm_firmware_ctor+0x14a/0x250 [nouveau]
    nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]
    ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]
    r535_gsp_oneinit+0xb3/0x15f0 [nouveau]
    ? srso_return_thunk+0x5/0x5f
    ? srso_return_thunk+0x5/0x5f
    ? nvkm_udevice_new+0x95/0x140 [nouveau]
    ? srso_return_thunk+0x5/0x5f
    ? srso_return_thunk+0x5/0x5f
    ? ktime_get+0x47/0xb0

Fix this by using the non-coherent allocator instead, I think there might be a better answer to this, but it involves ripping up some of the APIs using sg lists.

AI-Powered Analysis

Last updated: 06/28/2025, 23:55:07 UTC

Technical Analysis

CVE-2024-45012 is a vulnerability identified in the Linux kernel specifically affecting the nouveau driver, which is the open-source driver for NVIDIA GPUs. The issue arises when the kernel is compiled with the SG_DEBUG option enabled and the system's IOMMU (Input-Output Memory Management Unit) is active. Under these conditions, the nouveau driver triggers a kernel BUG() during startup, causing a system crash. The root cause is linked to the use of a DMA (Direct Memory Access) coherent allocator in the nouveau firmware loading process. The vulnerability manifests as an invalid opcode exception in the sg_init_one() function within the scatterlist subsystem, which is responsible for managing memory buffers for DMA operations. This leads to a kernel panic and system halt, impacting system availability. The proposed fix involves switching to a DMA non-coherent allocator to avoid the BUG() condition. While this patch addresses the immediate crash, the description notes that a more comprehensive solution may require significant API changes related to scatter-gather lists. Currently, there are no known exploits in the wild, and no CVSS score has been assigned. The vulnerability affects Linux kernel versions around 6.9.0-rc3 and potentially other versions using the nouveau driver with SG_DEBUG and IOMMU enabled.

Potential Impact

For European organizations, this vulnerability primarily threatens system availability and stability on Linux systems using the nouveau driver with specific kernel configurations. Organizations relying on Linux servers or workstations with NVIDIA GPUs running workloads that enable SG_DEBUG and IOMMU could experience unexpected kernel panics, leading to downtime and potential disruption of critical services. This is particularly relevant for sectors with high GPU usage such as scientific research, media production, and data centers. Although the vulnerability does not directly expose confidentiality or integrity risks, the forced system crashes could be exploited in denial-of-service scenarios, especially in environments where kernel debugging features are enabled. The lack of known exploits reduces immediate risk, but the potential for accidental or malicious triggering remains. European organizations with customized kernel builds or those using bleeding-edge kernel versions are at higher risk. Additionally, the complexity of the fix suggests that patch deployment may require careful testing to avoid regressions.

Mitigation Recommendations

1. Disable SG_DEBUG kernel configuration unless explicitly needed for debugging purposes, as this flag triggers the vulnerability.
2. Apply the latest Linux kernel patches that implement the fix by switching to a DMA non-coherent allocator in the nouveau driver.
3. For organizations using custom or experimental kernels, coordinate with kernel maintainers or vendors to ensure the patch is integrated and tested before deployment.
4. Monitor kernel logs for BUG() messages related to scatterlist or nouveau during system startup to detect potential triggering of this issue.
5. Avoid enabling IOMMU unless necessary, or test thoroughly in environments where IOMMU is enabled alongside nouveau.
6. Maintain updated backups and implement robust system recovery procedures to minimize downtime in case of crashes.
7. Engage with Linux distribution security advisories to track patch releases and deployment recommendations.
8. Consider alternative GPU drivers or hardware configurations if immediate mitigation is required and patching is delayed.
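
Recommendations 1 and 4 can be checked with a short script. The following is an added example, not code from the advisory or the kernel project: it tests a kernel config for CONFIG_DEBUG_SG (the Kconfig symbol behind what the description calls SG_DEBUG) and scans kernel log text for the crash signature quoted in the description. The function names, the timestamps, the PCI address and the first sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): host checks for CVE-2024-45012.

# Exit 0 if the kernel config text on stdin enables scatterlist debugging.
debug_sg_enabled() {
    grep -q '^CONFIG_DEBUG_SG=y$'
}

# Read kernel log text on stdin. Print MATCH if an oops that begins with the
# scatterlist.h BUG line also shows sg_init_one and a [nouveau] frame before
# the next "kernel BUG at" header; print CLEAN otherwise.
scan_kernel_log() {
    awk '
        /kernel BUG at/ {
            in_oops = ($0 ~ "include/linux/scatterlist[.]h")
            sg = 0; nv = 0
            next
        }
        in_oops && /sg_init_one[+]/ { sg = 1 }
        in_oops && /[[]nouveau[]]/  { nv = 1 }
        in_oops && sg && nv         { hit = 1 }
        END { print (hit ? "MATCH" : "CLEAN") }
    '
}

# Constructed sample inputs so the script runs offline.
sample_config() {
    printf '%s\n' 'CONFIG_IOMMU_SUPPORT=y' 'CONFIG_DEBUG_SG=y' 'CONFIG_DRM_NOUVEAU=m'
}

sample_log() {
    cat <<'EOF'
[    4.101] nouveau 0000:26:00.0: constructed line before the crash
[    4.102] kernel BUG at include/linux/scatterlist.h:187!
[    4.102] RIP: 0010:sg_init_one+0x85/0xa0
[    4.102]  nvkm_firmware_ctor+0x14a/0x250 [nouveau]
[    4.102]  nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]
EOF
}

if sample_config | debug_sg_enabled; then
    echo "config: CONFIG_DEBUG_SG=y (precondition for the BUG() present)"
fi
echo "log scan: $(sample_log | scan_kernel_log)"
```

On a real host, feed the functions from /boot/config-$(uname -r) or zcat /proc/config.gz, and from journalctl -k -b or dmesg.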


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-08-21T05:34:56.681Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9826c4522896dcbe0eb7

Added to database: 5/21/2025, 9:08:54 AM

Last enriched: 6/28/2025, 11:55:07 PM

Last updated: 8/14/2025, 2:53:21 PM
