CVE-2024-58019: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: nvkm/gsp: correctly advance the read pointer of GSP message queue A GSP event message consists three parts: message header, RPC header, message body. GSP calculates the number of pages to write from the total size of a GSP message. This behavior can be observed from the movement of the write pointer. However, nvkm takes only the size of RPC header and message body as the message size when advancing the read pointer. When handling a two-page GSP message in the non rollback case, It wrongly takes the message body of the previous message as the message header of the next message. As the "message length" tends to be zero, in the calculation of size needs to be copied (0 - size of (message header)), the size needs to be copied will be "0xffffffxx". It also triggers a kernel panic due to a NULL pointer error. [ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@....... [ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................ [ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................ [ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................ [ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0 [ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0 [ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020 [ 547.669485] #PF: supervisor read access in kernel mode [ 547.674624] #PF: error_code(0x0000) - not-present page [ 547.679755] PGD 0 P4D 0 [ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1 [ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022 [ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm] [ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm] [ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 <8b> 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05 [ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203 [ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f [ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010 [ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0 [ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000 [ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000 [ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000 [ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0 [ 547.793896] PKRU: 55555554 [ 547.796600] Call Trace: [ 547.799046] <TASK> [ 547.801152] ? __die+0x20/0x70 [ 547.804211] ? page_fault_oops+0x75/0x170 [ 547.808221] ? print_hex_dump+0x100/0x160 [ 547.812226] ? exc_page_fault+0x64/0x150 [ 547.816152] ? asm_exc_page_fault+0x22/0x30 [ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm] [ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm] [ 547.829845] process_one_work+0x196/0x3d0 [ 547.833861] worker_thread+0x2fc/0x410 [ 547.837613] ? __pfx_worker_thread+0x10/0x10 [ 547.841885] kthread+0xdf/0x110 [ 547.845031] ? __pfx_kthread+0x10/0x10 [ 547.848775] ret_from_fork+0x30/0x50 [ 547.852354] ? __pfx_kthread+0x10/0x10 [ 547.856097] ret_from_fork_asm+0x1a/0x30 [ 547.860019] </TASK> [ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd ---truncated---
AI Analysis
Technical Summary
CVE-2024-58019 is a vulnerability in the Linux kernel's NVIDIA kernel module (nvkm), specifically within the GSP (Graphics System Processor) message queue handling code. The vulnerability arises due to improper advancement of the read pointer when processing GSP event messages. A GSP event message consists of three parts: a message header, an RPC header, and a message body. The kernel calculates the number of pages to write based on the total size of the GSP message, which is reflected by the movement of the write pointer. However, the nvkm driver incorrectly advances the read pointer by considering only the size of the RPC header and message body, excluding the message header size. This miscalculation leads to a scenario where, when handling a two-page GSP message in a non-rollback case, the message body of the previous message is mistakenly interpreted as the message header of the next message. Consequently, the message length calculation results in a near-zero or negative value, causing an underflow that leads to an extremely large size value (e.g., 0xffffffxx) for the amount of data to be copied. This triggers a NULL pointer dereference in kernel space, causing a kernel panic and system crash. The vulnerability is demonstrated by kernel logs showing a supervisor read access fault and an Oops message indicating a NULL pointer dereference at a low memory address. The flaw exists in Linux kernel version 6.9.0-rc6+ as per the provided logs and is related to the nvkm module's r535_gsp_msg_recv function. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability can cause denial of service (DoS) by crashing the kernel, impacting system availability. Exploitation requires triggering a crafted GSP message, which may be possible in environments where the vulnerable kernel and NVIDIA hardware/software stack are present and accessible. The vulnerability is technical and specific to the interaction between the Linux kernel and NVIDIA's kernel module for graphics processing, affecting systems with this hardware and driver combination.
Potential Impact
For European organizations, the primary impact of CVE-2024-58019 is the potential for denial of service due to kernel panics triggered by the vulnerability. This can lead to unexpected system crashes, resulting in downtime for critical servers or workstations running Linux with NVIDIA hardware using the affected nvkm driver. Organizations relying on Linux servers for compute, graphics-intensive workloads, or virtualization that utilize NVIDIA GPUs could face operational disruptions. The integrity and confidentiality impact is limited as the vulnerability causes a crash rather than arbitrary code execution or privilege escalation. However, availability loss can affect business continuity, especially in sectors like research institutions, media production, cloud service providers, and enterprises using GPU-accelerated computing. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent potential future exploitation. European organizations with mixed hardware environments or those using Linux distributions that incorporate the affected kernel versions and NVIDIA drivers are at risk. The vulnerability's impact is more pronounced in environments where GPU access is exposed or where untrusted users can interact with the GPU subsystem, such as multi-tenant cloud environments or shared workstations.
Mitigation Recommendations
1. Apply Kernel Updates: Organizations should monitor Linux kernel updates and apply patches that fix CVE-2024-58019 as soon as they become available from trusted Linux distribution vendors or the Linux kernel mainline. 2. Update NVIDIA Drivers: Ensure that NVIDIA kernel modules and drivers are updated to versions that include the fix for this vulnerability. Coordination with NVIDIA's driver releases is essential. 3. Restrict Access to GPU Devices: Limit access to GPU devices to trusted users and processes only. Use Linux device access controls (udev rules, cgroups, SELinux/AppArmor policies) to prevent unprivileged or untrusted users from sending crafted messages to the GPU subsystem. 4. Monitor System Logs: Implement monitoring for kernel panics, Oops messages, and nvkm-related errors in system logs to detect potential exploitation attempts or crashes related to this vulnerability. 5. Use Kernel Hardening Features: Enable kernel hardening features such as kernel lockdown, memory protection mechanisms, and address space layout randomization (ASLR) to reduce the risk of exploitation. 6. Isolate GPU Workloads: In multi-tenant or cloud environments, isolate GPU workloads using virtualization or containerization to limit the blast radius of any potential exploit. 7. Conduct Security Testing: Perform fuzz testing or security assessments on GPU message handling if custom or third-party software interacts with the GPU subsystem to identify any additional weaknesses. These measures go beyond generic advice by focusing on controlling access to the vulnerable subsystem, proactive monitoring, and coordination with vendor patches.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
CVE-2024-58019: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: nvkm/gsp: correctly advance the read pointer of GSP message queue A GSP event message consists three parts: message header, RPC header, message body. GSP calculates the number of pages to write from the total size of a GSP message. This behavior can be observed from the movement of the write pointer. However, nvkm takes only the size of RPC header and message body as the message size when advancing the read pointer. When handling a two-page GSP message in the non rollback case, It wrongly takes the message body of the previous message as the message header of the next message. As the "message length" tends to be zero, in the calculation of size needs to be copied (0 - size of (message header)), the size needs to be copied will be "0xffffffxx". It also triggers a kernel panic due to a NULL pointer error. [ 547.614102] msg: 00000f90: ff ff ff ff ff ff ff ff 40 d7 18 fb 8b 00 00 00 ........@....... [ 547.622533] msg: 00000fa0: 00 00 00 00 ff ff ff ff ff ff ff ff 00 00 00 00 ................ [ 547.630965] msg: 00000fb0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ................ [ 547.639397] msg: 00000fc0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................ [ 547.647832] nvkm 0000:c1:00.0: gsp: peek msg rpc fn:0 len:0x0/0xffffffffffffffe0 [ 547.655225] nvkm 0000:c1:00.0: gsp: get msg rpc fn:0 len:0x0/0xffffffffffffffe0 [ 547.662532] BUG: kernel NULL pointer dereference, address: 0000000000000020 [ 547.669485] #PF: supervisor read access in kernel mode [ 547.674624] #PF: error_code(0x0000) - not-present page [ 547.679755] PGD 0 P4D 0 [ 547.682294] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 547.686643] CPU: 22 PID: 322 Comm: kworker/22:1 Tainted: G E 6.9.0-rc6+ #1 [ 547.694893] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022 [ 547.702626] Workqueue: events r535_gsp_msgq_work [nvkm] [ 547.707921] RIP: 0010:r535_gsp_msg_recv+0x87/0x230 [nvkm] [ 547.713375] Code: 00 8b 70 08 48 89 e1 31 d2 4c 89 f7 e8 12 f5 ff ff 48 89 c5 48 85 c0 0f 84 cf 00 00 00 48 81 fd 00 f0 ff ff 0f 87 c4 00 00 00 <8b> 55 10 41 8b 46 30 85 d2 0f 85 f6 00 00 00 83 f8 04 76 10 ba 05 [ 547.732119] RSP: 0018:ffffabe440f87e10 EFLAGS: 00010203 [ 547.737335] RAX: 0000000000000010 RBX: 0000000000000008 RCX: 000000000000003f [ 547.744461] RDX: 0000000000000000 RSI: ffffabe4480a8030 RDI: 0000000000000010 [ 547.751585] RBP: 0000000000000010 R08: 0000000000000000 R09: ffffabe440f87bb0 [ 547.758707] R10: ffffabe440f87dc8 R11: 0000000000000010 R12: 0000000000000000 [ 547.765834] R13: 0000000000000000 R14: ffff9351df1e5000 R15: 0000000000000000 [ 547.772958] FS: 0000000000000000(0000) GS:ffff93708eb00000(0000) knlGS:0000000000000000 [ 547.781035] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 547.786771] CR2: 0000000000000020 CR3: 00000003cc220002 CR4: 0000000000770ef0 [ 547.793896] PKRU: 55555554 [ 547.796600] Call Trace: [ 547.799046] <TASK> [ 547.801152] ? __die+0x20/0x70 [ 547.804211] ? page_fault_oops+0x75/0x170 [ 547.808221] ? print_hex_dump+0x100/0x160 [ 547.812226] ? exc_page_fault+0x64/0x150 [ 547.816152] ? asm_exc_page_fault+0x22/0x30 [ 547.820341] ? r535_gsp_msg_recv+0x87/0x230 [nvkm] [ 547.825184] r535_gsp_msgq_work+0x42/0x50 [nvkm] [ 547.829845] process_one_work+0x196/0x3d0 [ 547.833861] worker_thread+0x2fc/0x410 [ 547.837613] ? __pfx_worker_thread+0x10/0x10 [ 547.841885] kthread+0xdf/0x110 [ 547.845031] ? __pfx_kthread+0x10/0x10 [ 547.848775] ret_from_fork+0x30/0x50 [ 547.852354] ? __pfx_kthread+0x10/0x10 [ 547.856097] ret_from_fork_asm+0x1a/0x30 [ 547.860019] </TASK> [ 547.862208] Modules linked in: nvkm(E) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) amd64_edac(E) mlx5_ib(E) edac_mce_amd(E) kvm_amd ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-58019 is a vulnerability in the Linux kernel's NVIDIA kernel module (nvkm), specifically within the GSP (Graphics System Processor) message queue handling code. The vulnerability arises due to improper advancement of the read pointer when processing GSP event messages. A GSP event message consists of three parts: a message header, an RPC header, and a message body. The kernel calculates the number of pages to write based on the total size of the GSP message, which is reflected by the movement of the write pointer. However, the nvkm driver incorrectly advances the read pointer by considering only the size of the RPC header and message body, excluding the message header size. This miscalculation leads to a scenario where, when handling a two-page GSP message in a non-rollback case, the message body of the previous message is mistakenly interpreted as the message header of the next message. Consequently, the message length calculation results in a near-zero or negative value, causing an underflow that leads to an extremely large size value (e.g., 0xffffffxx) for the amount of data to be copied. This triggers a NULL pointer dereference in kernel space, causing a kernel panic and system crash. The vulnerability is demonstrated by kernel logs showing a supervisor read access fault and an Oops message indicating a NULL pointer dereference at a low memory address. The flaw exists in Linux kernel version 6.9.0-rc6+ as per the provided logs and is related to the nvkm module's r535_gsp_msg_recv function. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability can cause denial of service (DoS) by crashing the kernel, impacting system availability. Exploitation requires triggering a crafted GSP message, which may be possible in environments where the vulnerable kernel and NVIDIA hardware/software stack are present and accessible. The vulnerability is technical and specific to the interaction between the Linux kernel and NVIDIA's kernel module for graphics processing, affecting systems with this hardware and driver combination.
Potential Impact
For European organizations, the primary impact of CVE-2024-58019 is the potential for denial of service due to kernel panics triggered by the vulnerability. This can lead to unexpected system crashes, resulting in downtime for critical servers or workstations running Linux with NVIDIA hardware using the affected nvkm driver. Organizations relying on Linux servers for compute, graphics-intensive workloads, or virtualization that utilize NVIDIA GPUs could face operational disruptions. The integrity and confidentiality impact is limited as the vulnerability causes a crash rather than arbitrary code execution or privilege escalation. However, availability loss can affect business continuity, especially in sectors like research institutions, media production, cloud service providers, and enterprises using GPU-accelerated computing. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent potential future exploitation. European organizations with mixed hardware environments or those using Linux distributions that incorporate the affected kernel versions and NVIDIA drivers are at risk. The vulnerability's impact is more pronounced in environments where GPU access is exposed or where untrusted users can interact with the GPU subsystem, such as multi-tenant cloud environments or shared workstations.
Mitigation Recommendations
1. Apply Kernel Updates: Organizations should monitor Linux kernel updates and apply patches that fix CVE-2024-58019 as soon as they become available from trusted Linux distribution vendors or the Linux kernel mainline. 2. Update NVIDIA Drivers: Ensure that NVIDIA kernel modules and drivers are updated to versions that include the fix for this vulnerability. Coordination with NVIDIA's driver releases is essential. 3. Restrict Access to GPU Devices: Limit access to GPU devices to trusted users and processes only. Use Linux device access controls (udev rules, cgroups, SELinux/AppArmor policies) to prevent unprivileged or untrusted users from sending crafted messages to the GPU subsystem. 4. Monitor System Logs: Implement monitoring for kernel panics, Oops messages, and nvkm-related errors in system logs to detect potential exploitation attempts or crashes related to this vulnerability. 5. Use Kernel Hardening Features: Enable kernel hardening features such as kernel lockdown, memory protection mechanisms, and address space layout randomization (ASLR) to reduce the risk of exploitation. 6. Isolate GPU Workloads: In multi-tenant or cloud environments, isolate GPU workloads using virtualization or containerization to limit the blast radius of any potential exploit. 7. Conduct Security Testing: Perform fuzz testing or security assessments on GPU message handling if custom or third-party software interacts with the GPU subsystem to identify any additional weaknesses. These measures go beyond generic advice by focusing on controlling access to the vulnerable subsystem, proactive monitoring, and coordination with vendor patches.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-27T02:10:48.228Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9822c4522896dcbde1c6
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 5:27:11 AM
Last updated: 8/1/2025, 6:50:14 AM
Views: 11
Related Threats
CVE-2025-9098: Improper Export of Android Application Components in Elseplus File Recovery App
MediumCVE-2025-31715: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Unisoc (Shanghai) Technologies Co., Ltd. SL8521E/SL8521ET/ SL8541E/UIS8141E/UWS6137/UWS6137E/UWS6151(E)/UWS6152
CriticalCVE-2025-31714: CWE-20 Improper Input Validation in Unisoc (Shanghai) Technologies Co., Ltd. SL8521E/SL8521ET/ SL8541E/UIS8141E/UWS6137/UWS6137E/UWS6151(E)/UWS6152
MediumCVE-2025-31713: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Unisoc (Shanghai) Technologies Co., Ltd. SL8521E/SL8521ET/ SL8541E/UIS8141E/UWS6137/UWS6137E/UWS6151(E)/UWS6152
HighCVE-2025-9097: Improper Export of Android Application Components in Euro Information CIC banque et compte en ligne App
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.