CVE-2024-46710: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46710 affects the Linux kernel's drm/vmwgfx driver. The vulnerability was discovered in September 2024 and involves a race condition in the buffer mapping functionality of the VMware graphics driver. The issue affects Linux kernel versions from 5.19 up to (excluding) 6.10.8, as well as several release candidates of version 6.11 (NVD).

The vulnerability exists in the kernel's VMware graphics driver (drm/vmwgfx) where a race condition occurs during buffer mapping operations. The issue arises when multiple paths keep persistent maps active to read and compare cursor buffers. The race condition manifests in a scenario where a buffer is mapped for update and comparison simultaneously, leading to potential buffer unmapping before the operation completes. This can result in reading bogus content when updating the cursor (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can lead to reading incorrect buffer contents during cursor updates in the VMware graphics driver. This could potentially result in display corruption or system instability when using the affected graphics driver (NVD).

The issue has been fixed by implementing a counter to track active buffer maps. The fix prevents unmapping of active read buffers by maintaining a count of currently active maps and only unmapping when the count reaches zero. The patch has been merged into the Linux kernel (Kernel Patch). Users should update to kernel version 6.10.8 or later to receive the fix.