Login Sign Up

CVE-2024-43863

5.5 MEDIUM

📋 TL;DR

A deadlock vulnerability in the Linux kernel's vmwgfx driver occurs when DMA buffer fence polling triggers a circular dependency between fence waiting and destruction operations. This causes system stalls or freezes, primarily affecting users running KDE or other applications using DMA-buf polling interfaces on systems with VMware graphics drivers.

💻 Affected Systems

Products:
  • Linux kernel with vmwgfx driver enabled
Versions: Kernel versions containing vulnerable vmwgfx code (specific versions not specified in CVE, but patches available for stable branches)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when vmwgfx driver is loaded and DMA-buf polling interfaces are used (primarily affects KDE and similar desktop environments)

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system deadlock requiring hard reboot, causing denial of service and potential data loss from unsaved work.

🟠

Likely Case

Application or desktop environment freezes/stalls when using DMA-buf polling features, requiring application restart.

🟢

If Mitigated

Minor performance impact or no visible effect if affected interfaces aren't used.

🌐 Internet-Facing: LOW - This is a local kernel driver issue not directly exploitable over network.
🏢 Internal Only: MEDIUM - Can cause productivity disruption through system freezes for users running affected applications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW - Triggering requires user interaction with affected applications

This is a reliability/deadlock bug rather than a security exploit, but can cause denial of service

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in kernel stable releases via commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/3b933b16c996af8adb6bc1b5748a63dfb41a82bc

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from distribution repositories. 2. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable vmwgfx driver

linux

Blacklist or disable the vmwgfx driver if not needed

echo 'blacklist vmwgfx' >> /etc/modprobe.d/blacklist-vmwgfx.conf
update-initramfs -u
reboot

Avoid DMA-buf polling applications

linux

Don't use KDE or other applications that trigger DMA-buf polling

🧯 If You Can't Patch

  • Monitor for system stalls/freezes and restart affected applications when they occur
  • Consider using alternative desktop environments or disabling hardware acceleration

🔍 How to Verify

Check if Vulnerable:

Check if vmwgfx module is loaded: lsmod | grep vmwgfx AND check kernel version against patched releases

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes one of the fix commits: uname -r and check with distribution's patch tracking

📡 Detection & Monitoring

Log Indicators:

  • System freezes/hangs
  • Application stalls in KDE/desktop environments
  • Kernel watchdog timeouts

SIEM Query:

Search for: 'kernel: watchdog: BUG: soft lockup' OR application logs showing KDE/desktop freezes

📊 Metadata

CVE ID: CVE-2024-43863
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-667
Published: August 21, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43863, you might also want to check these:

CVE-2020-12658 9.8

CVE-2020-12658 is a critical vulnerability in gssproxy (GSS-API proxy daemon) where improper mutex h...

Same vulnerability type (CWE-667)
CVE-2020-11284 8.4

This vulnerability allows non-secure boot loaders to unlock and modify memory regions that should re...

Same vulnerability type (CWE-667)
CVE-2021-22530 8.2

CVE-2021-22530 is an authentication bypass vulnerability in NetIQ Advanced Authentication that allow...

Same vulnerability type (CWE-667)