CVE-2024-58086

5.5 MEDIUM

📋 TL;DR

This vulnerability in the Linux kernel's v3d DRM driver occurs when an active performance monitor is destroyed without being stopped first, leaving a stale pointer that can cause undefined behavior. This affects systems using the v3d graphics driver, primarily those with Broadcom VideoCore VI GPUs. The issue can lead to system instability or crashes.

💻 Affected Systems

Products:
  • Linux kernel with v3d DRM driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when v3d driver is loaded and performance monitoring is actively used. Most systems don't use v3d by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic or system crash leading to denial of service, potentially requiring physical intervention to restore functionality.

🟠 Likely Case: System instability, application crashes, or graphical artifacts when using v3d driver functionality with performance monitoring enabled.

🟢 If Mitigated: Minor performance monitoring disruption with no broader system impact when properly patched.

🌐 Internet-Facing: LOW - This is a local kernel driver vulnerability requiring local access or compromised user account.
🏢 Internal Only: MEDIUM - Could be exploited by malicious local users or through privilege escalation chains to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger performance monitor destruction while active. Likely used for denial of service rather than privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 1c5673a2c8926adbb61f340c779b28e18188a8cd, 21f1435b1e6b012a07c42f36b206d2b66fc8f13b, 22e19c8c5f6b709f4ae40227392a30d57bac187d, 95036d4c01167568166108d42c2b0e9f8dbd7d2b, or eb0e0eca0eab93f310c6c37b8564049366704691

Vendor Advisory: https://git.kernel.org/stable/c/1c5673a2c8926adbb61f340c779b28e18188a8cd

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories.
2. For custom kernels, apply the relevant git commits.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable v3d module (Linux)

Prevent loading of the vulnerable v3d driver module:

echo 'blacklist v3d' >> /etc/modprobe.d/blacklist-v3d.conf
update-initramfs -u
reboot

Restrict performance monitor access (Linux)

Limit which users can access performance monitoring functionality:

chmod 600 /sys/kernel/debug/dri/*/perfmon*

🧯 If You Can't Patch

  • Disable v3d kernel module if not required for system functionality
  • Implement strict access controls to prevent unauthorized users from accessing performance monitoring features

🔍 How to Verify

Check if Vulnerable:

Check if v3d module is loaded: lsmod | grep v3d. If loaded, check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or is newer than vulnerable versions. Check dmesg for v3d-related errors after patch.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to v3d driver
  • System crash/panic logs with v3d stack traces
  • dmesg errors mentioning 'perfmon' or 'v3d'

Network Indicators:

  • None - this is a local kernel vulnerability

SIEM Query:

source="kernel" AND ("v3d" OR "perfmon") AND ("Oops" OR "panic" OR "BUG")
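
An added example, not part of the original advisory: POSIX shell helpers that turn the "How to Verify" steps and the SIEM query above into checks that run on saved files. The function names and the sample lines are constructed for illustration; the commit hashes are the ones listed under Official Fix.

```shell
#!/bin/sh
# Added example: triage helpers for CVE-2024-58086 that work on saved files.

# Fix commits listed under "Official Fix" on this page.
FIX_COMMITS="1c5673a2c8926adbb61f340c779b28e18188a8cd
21f1435b1e6b012a07c42f36b206d2b66fc8f13b
22e19c8c5f6b709f4ae40227392a30d57bac187d
95036d4c01167568166108d42c2b0e9f8dbd7d2b
eb0e0eca0eab93f310c6c37b8564049366704691"

# v3d_loaded FILE: succeed if FILE (/proc/modules or saved lsmod output) lists
# a module named exactly "v3d". Unlike `grep v3d`, substrings do not match.
v3d_loaded() {
    awk '$1 == "v3d" { found = 1 } END { exit !found }' "$1"
}

# v3d_log_hits FILE: print how many kernel log lines satisfy the SIEM query
# ("v3d" OR "perfmon") AND ("Oops" OR "panic" OR "BUG"). Keywords must stand
# alone as words, so "DEBUG" is not counted as "BUG".
v3d_log_hits() {
    awk '/v3d|perfmon/ {
             s = " " $0 " "
             if (s ~ /[^A-Za-z](Oops|panic|BUG)[^A-Za-z]/) n++
         }
         END { print n + 0 }' "$1"
}

# tree_has_fix DIR: succeed if HEAD of the kernel git tree in DIR contains at
# least one of the fix commits (for custom kernels built from source).
tree_has_fix() {
    for c in $FIX_COMMITS; do
        git -C "$1" merge-base --is-ancestor "$c" HEAD 2>/dev/null && return 0
    done
    return 1
}

# make_samples DIR: write constructed sample inputs (not real captures).
make_samples() {
    printf '%s\n' 'v3d 98304 2 - Live 0x0000000000000000' > "$1/modules"
    printf '%s\n' \
        'kernel: [constructed] Oops while handling v3d perfmon ioctl' \
        'kernel: [constructed] v3d: DEBUG perfmon counters enabled' \
        'kernel: [constructed] Kernel panic - not syncing: fatal exception' \
        'kernel: [constructed] BUG: unable to handle page fault in perfmon code' \
        > "$1/kern.log"
}
```

On a live host, call `v3d_loaded /proc/modules` and run `v3d_log_hits` on a saved copy of the `dmesg` output. Because the match is per line, an oops whose header line does not itself mention v3d or perfmon is not counted.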
