CVE-2024-36018

5.5 MEDIUM

📋 TL;DR

A memory corruption vulnerability in the Linux kernel's Nouveau GPU driver allows miscalculated memory remap operations to corrupt page tables, potentially causing kernel crashes or privilege escalation. This affects systems using Nouveau drivers for NVIDIA GPUs with vulnerable kernel versions.

💻 Affected Systems

Products:
  • Linux kernel with Nouveau driver
Versions: Kernel versions containing the vulnerable code (specific commit range not provided in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Nouveau open-source NVIDIA drivers, not proprietary NVIDIA drivers. Requires GPU operations that trigger specific remap calculations.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash or potential privilege escalation to kernel mode, allowing full system compromise.

🟠 Likely Case

System instability, kernel oops/panics, or denial of service when specific GPU operations trigger the miscalculation.

🟢 If Mitigated

System crash requiring reboot, but no privilege escalation if kernel protections prevent exploitation.

🌐 Internet-Facing: LOW - Requires local access or specific GPU operations to trigger.
🏢 Internal Only: MEDIUM - Local users or processes with GPU access could trigger crashes affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific GPU memory remap operations. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 0c16020d2b69a602c8ae6a1dd2aac9a3023249d6 or 692a51bebf4552bdf0a79ccd68d291182a26a569

Vendor Advisory: https://git.kernel.org/stable/c/0c16020d2b69a602c8ae6a1dd2aac9a3023249d6

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution repository.
2. Reboot system to load new kernel.
3. Verify Nouveau driver loads correctly.

🔧 Temporary Workarounds

Disable Nouveau driver

linux

Prevent loading of vulnerable Nouveau driver by blacklisting it

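# Run as root. Appends a blacklist entry so modprobe no longer auto-loads nouveau.
echo 'blacklist nouveau' >> /etc/modprobe.d/blacklist-nouveau.conf
# Rebuild the initramfs so the blacklist applies at early boot (Debian/Ubuntu tool).
update-initramfs -u
reboot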

Use proprietary NVIDIA driver

linux

Replace Nouveau with official NVIDIA proprietary driver

# Debian/Ubuntu (XXX is a version placeholder)
apt-get install nvidia-driver-XXX
# RHEL/CentOS
yum install nvidia-driver

🧯 If You Can't Patch

  • Restrict GPU access to trusted users only
  • Monitor system logs for kernel oops/panic messages related to Nouveau

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the Nouveau driver is loaded: lsmod | grep nouveau && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and Nouveau driver loads without errors in dmesg

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages mentioning nouveau/uvmm
  • System crashes during GPU-intensive operations
  • dmesg errors related to page table corruption

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("nouveau" OR "uvmm") AND ("Oops" OR "panic" OR "corruption")
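
The filter below is an added example, not part of the original advisory or any vendor tooling: it applies the SIEM query's logic to kernel log text with standard grep, so hosts without a SIEM can run the same check. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: applies the page's SIEM logic to kernel log text on stdin:
#   ("nouveau" OR "uvmm") AND ("Oops" OR "panic" OR "corruption")
# Matching is case-insensitive, so "oops" and "Oops" both count.

# Print every stdin line that satisfies both halves of the query.
nouveau_crash_lines() {
    grep -Ei 'nouveau|uvmm' | grep -Ei 'oops|panic|corruption'
}

# Count matching lines; prints 0 when nothing matches.
# "|| true" keeps a no-match grep status from aborting strict shells.
nouveau_crash_count() {
    { nouveau_crash_lines || true; } | wc -l | tr -d ' '
}

# Constructed sample lines (not captured from a real system).
sample_kernel_log() {
    cat <<'EOF'
[  101.000001] nouveau 0000:01:00.0: DRM: example informational message
[  245.120034] Oops: example fault text, nouveau_uvmm frame in call trace
[  245.120090] Kernel panic - not syncing: example text (module: nouveau)
[  300.500000] usb 1-1: new high-speed USB device number 4 using xhci_hcd
[  412.000777] EXT4-fs error: example corruption message on sda1
[  520.333333] nouveau: example message reporting page table corruption
EOF
}

# Demo run over the constructed sample: prints the three matching lines.
sample_kernel_log | nouveau_crash_lines
```

On a live host, pipe `dmesg` or `journalctl -k` into `nouveau_crash_lines`; reading the kernel log may require root.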
