CVE-2024-46712: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-46712 affects the Linux kernel's DRM VMWare graphics driver (vmwgfx). The vulnerability was discovered in September 2024 and involves an issue with coherent dumb buffers in configurations without 3D support. The affected versions include Linux kernel 6.10.4 through 6.10.8, and various 6.11 release candidates (rc2 through rc5) (NVD).

The vulnerability stems from the improper handling of coherent dumb buffers in the VMWare graphics driver when 3D acceleration is disabled. The issue occurs because coherent surfaces only make sense when the host renders to them using accelerated APIs. Without 3D support, the entire content of dumb buffers stays in the guest, making the synchronization between guest and host unnecessary. Additionally, configurations without 3D typically run with very low graphics memory limits (around 16MB), causing issues with pinned console framebuffer, mob cursors, and graphical login manager (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to system resource exhaustion, particularly in configurations with limited graphics memory. When exploited, it can cause the system to run out of graphics memory, affecting the functionality of the console framebuffer, mouse cursors, and the graphical login manager (Kernel Patch).

The vulnerability has been fixed by ensuring that coherent dumb buffers are only used on configurations with 3D enabled. The fix has been implemented in the Linux kernel through a patch that modifies the vmwgfx driver's behavior (Kernel Patch).