CVE-2024-53116: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where the partial mapping spanned multiple scatterlists and the mapping offset didn't point to the 1st page of starting scatterlist. The offset variable was not cleared after reaching the starting scatterlist. Following warning messages were seen. WARNING: CPU: 1 PID: 650 at drivers/iommu/io-pgtable-arm.c:659 __arm_lpae_unmap+0x254/0x5a0 <snip> pc : __arm_lpae_unmap+0x254/0x5a0 lr : __arm_lpae_unmap+0x2cc/0x5a0 <snip> Call trace: __arm_lpae_unmap+0x254/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 arm_lpae_unmap_pages+0x80/0xa0 panthor_vm_unmap_pages+0xac/0x1c8 [panthor] panthor_gpuva_sm_step_unmap+0x4c/0xc8 [panthor] op_unmap_cb.isra.23.constprop.30+0x54/0x80 __drm_gpuvm_sm_unmap+0x184/0x1c8 drm_gpuvm_sm_unmap+0x40/0x60 panthor_vm_exec_op+0xa8/0x120 [panthor] panthor_vm_bind_exec_sync_op+0xc4/0xe8 [panthor] panthor_ioctl_vm_bind+0x10c/0x170 [panthor] drm_ioctl_kernel+0xbc/0x138 drm_ioctl+0x210/0x4b0 __arm64_sys_ioctl+0xb0/0xf8 invoke_syscall+0x4c/0x110 el0_svc_common.constprop.1+0x98/0xf8 do_el0_svc+0x24/0x38 el0_svc+0x34/0xc8 el0t_64_sync_handler+0xa0/0xc8 el0t_64_sync+0x174/0x178 <snip> panthor : [drm] drm_WARN_ON(unmapped_sz != pgsize * pgcount) WARNING: CPU: 1 PID: 650 at drivers/gpu/drm/panthor/panthor_mmu.c:922 panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> pc : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] lr : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> panthor : [drm] *ERROR* failed to unmap range ffffa388f000-ffffa3890000 (requested range ffffa388c000-ffffa3890000)
AI Analysis
Technical Summary
CVE-2024-53116 is a vulnerability identified in the Linux kernel's Panthor DRM (Direct Rendering Manager) driver, which handles GPU buffer object (BO) memory mappings. The flaw arises from improper handling of partial GPU mappings of buffer objects that span multiple scatter-gather lists, specifically when the mapping offset does not point to the first page of the starting scatterlist. The vulnerability is due to the offset variable not being cleared after reaching the starting scatterlist, leading to incorrect memory unmapping operations. This results in kernel warnings and errors such as failed unmap ranges and panics related to the IOMMU (Input-Output Memory Management Unit) page table unmapping functions on ARM architectures. The issue manifests as kernel warnings and error messages indicating failed unmap operations and potential memory management inconsistencies within the Panthor GPU driver. Although the vulnerability does not have a known exploit in the wild and no CVSS score assigned yet, it affects the Linux kernel's GPU memory management subsystem on ARM platforms using the Panthor driver. The improper handling of memory mappings could potentially lead to memory corruption, kernel instability, or denial of service conditions if exploited. The vulnerability was fixed by correcting the offset handling logic to ensure proper clearing and management of partial mappings across scatterlists, preventing kernel warnings and unmap failures.
Potential Impact
For European organizations, the impact of CVE-2024-53116 depends largely on their use of ARM-based Linux systems with GPUs utilizing the Panthor DRM driver. This includes embedded systems, ARM-based servers, and specialized hardware platforms common in telecommunications, automotive, industrial control, and edge computing sectors. The vulnerability could lead to kernel instability or denial of service, potentially disrupting critical services or applications relying on GPU acceleration. While there is no evidence of privilege escalation or remote code execution, the instability could cause system crashes or degraded performance, impacting availability and operational continuity. Organizations running ARM-based Linux distributions with affected kernel versions may experience increased maintenance overhead and risk of service interruptions until patches are applied. Given the growing adoption of ARM architectures in Europe for energy-efficient data centers and IoT deployments, the vulnerability poses a moderate risk, especially for sectors requiring high reliability and uptime.
Mitigation Recommendations
To mitigate CVE-2024-53116, European organizations should: 1) Identify and inventory all Linux systems running ARM architectures with GPU support, specifically those using the Panthor DRM driver. 2) Apply the latest Linux kernel updates that include the fix for this vulnerability as soon as they become available from trusted Linux distribution vendors or directly from the kernel source. 3) For systems where immediate patching is not feasible, consider disabling GPU acceleration or the Panthor driver if it is not critical to operations, to reduce attack surface. 4) Monitor kernel logs for warning messages related to panthor_vm_unmap_pages or IOMMU unmap failures as early indicators of exploitation attempts or system instability. 5) Implement robust system monitoring and alerting to detect abnormal GPU or kernel behavior. 6) Engage with hardware and software vendors to ensure timely updates and support for ARM-based GPU drivers. 7) Incorporate this vulnerability into vulnerability management and incident response plans to ensure rapid remediation and recovery.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Italy, Spain, Poland
CVE-2024-53116: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where the partial mapping spanned multiple scatterlists and the mapping offset didn't point to the 1st page of starting scatterlist. The offset variable was not cleared after reaching the starting scatterlist. Following warning messages were seen. WARNING: CPU: 1 PID: 650 at drivers/iommu/io-pgtable-arm.c:659 __arm_lpae_unmap+0x254/0x5a0 <snip> pc : __arm_lpae_unmap+0x254/0x5a0 lr : __arm_lpae_unmap+0x2cc/0x5a0 <snip> Call trace: __arm_lpae_unmap+0x254/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 arm_lpae_unmap_pages+0x80/0xa0 panthor_vm_unmap_pages+0xac/0x1c8 [panthor] panthor_gpuva_sm_step_unmap+0x4c/0xc8 [panthor] op_unmap_cb.isra.23.constprop.30+0x54/0x80 __drm_gpuvm_sm_unmap+0x184/0x1c8 drm_gpuvm_sm_unmap+0x40/0x60 panthor_vm_exec_op+0xa8/0x120 [panthor] panthor_vm_bind_exec_sync_op+0xc4/0xe8 [panthor] panthor_ioctl_vm_bind+0x10c/0x170 [panthor] drm_ioctl_kernel+0xbc/0x138 drm_ioctl+0x210/0x4b0 __arm64_sys_ioctl+0xb0/0xf8 invoke_syscall+0x4c/0x110 el0_svc_common.constprop.1+0x98/0xf8 do_el0_svc+0x24/0x38 el0_svc+0x34/0xc8 el0t_64_sync_handler+0xa0/0xc8 el0t_64_sync+0x174/0x178 <snip> panthor : [drm] drm_WARN_ON(unmapped_sz != pgsize * pgcount) WARNING: CPU: 1 PID: 650 at drivers/gpu/drm/panthor/panthor_mmu.c:922 panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> pc : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] lr : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> panthor : [drm] *ERROR* failed to unmap range ffffa388f000-ffffa3890000 (requested range ffffa388c000-ffffa3890000)
AI-Powered Analysis
Technical Analysis
CVE-2024-53116 is a vulnerability identified in the Linux kernel's Panthor DRM (Direct Rendering Manager) driver, which handles GPU buffer object (BO) memory mappings. The flaw arises from improper handling of partial GPU mappings of buffer objects that span multiple scatter-gather lists, specifically when the mapping offset does not point to the first page of the starting scatterlist. The vulnerability is due to the offset variable not being cleared after reaching the starting scatterlist, leading to incorrect memory unmapping operations. This results in kernel warnings and errors such as failed unmap ranges and panics related to the IOMMU (Input-Output Memory Management Unit) page table unmapping functions on ARM architectures. The issue manifests as kernel warnings and error messages indicating failed unmap operations and potential memory management inconsistencies within the Panthor GPU driver. Although the vulnerability does not have a known exploit in the wild and no CVSS score assigned yet, it affects the Linux kernel's GPU memory management subsystem on ARM platforms using the Panthor driver. The improper handling of memory mappings could potentially lead to memory corruption, kernel instability, or denial of service conditions if exploited. The vulnerability was fixed by correcting the offset handling logic to ensure proper clearing and management of partial mappings across scatterlists, preventing kernel warnings and unmap failures.
Potential Impact
For European organizations, the impact of CVE-2024-53116 depends largely on their use of ARM-based Linux systems with GPUs utilizing the Panthor DRM driver. This includes embedded systems, ARM-based servers, and specialized hardware platforms common in telecommunications, automotive, industrial control, and edge computing sectors. The vulnerability could lead to kernel instability or denial of service, potentially disrupting critical services or applications relying on GPU acceleration. While there is no evidence of privilege escalation or remote code execution, the instability could cause system crashes or degraded performance, impacting availability and operational continuity. Organizations running ARM-based Linux distributions with affected kernel versions may experience increased maintenance overhead and risk of service interruptions until patches are applied. Given the growing adoption of ARM architectures in Europe for energy-efficient data centers and IoT deployments, the vulnerability poses a moderate risk, especially for sectors requiring high reliability and uptime.
Mitigation Recommendations
To mitigate CVE-2024-53116, European organizations should: 1) Identify and inventory all Linux systems running ARM architectures with GPU support, specifically those using the Panthor DRM driver. 2) Apply the latest Linux kernel updates that include the fix for this vulnerability as soon as they become available from trusted Linux distribution vendors or directly from the kernel source. 3) For systems where immediate patching is not feasible, consider disabling GPU acceleration or the Panthor driver if it is not critical to operations, to reduce attack surface. 4) Monitor kernel logs for warning messages related to panthor_vm_unmap_pages or IOMMU unmap failures as early indicators of exploitation attempts or system instability. 5) Implement robust system monitoring and alerting to detect abnormal GPU or kernel behavior. 6) Engage with hardware and software vendors to ensure timely updates and support for ARM-based GPU drivers. 7) Incorporate this vulnerability into vulnerability management and incident response plans to ensure rapid remediation and recovery.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-11-19T17:17:24.993Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9824c4522896dcbdfa33
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 6/28/2025, 3:10:51 PM
Last updated: 8/9/2025, 6:34:05 AM
Views: 13
Related Threats
CVE-2025-8927: Improper Restriction of Excessive Authentication Attempts in mtons mblog
MediumCVE-2025-43988: n/a
CriticalCVE-2025-8926: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-43986: n/a
CriticalCVE-2025-43982: n/a
CriticalActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.