CVE-2024-53115: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53115 affects the Linux kernel's VMware graphics driver (vmwgfx). The vulnerability was discovered in the vmwframebuffersurfacecreatehandle function where the vmwuserobject_buffer function may return NULL with incorrect inputs, potentially leading to a null pointer dereference. This vulnerability affects Linux kernel versions from 6.10.4 up to (excluding) 6.11, and from 6.11 up to (excluding) 6.11.10, as well as various release candidates of version 6.12 (NVD).

The vulnerability exists in the drivers/gpu/drm/vmwgfx/vmwgfxkms.c file, specifically in the vmwframebuffersurfacecreatehandle function. The issue stems from a missing null pointer check on the return value of vmwuserobjectbuffer function. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability was fixed by adding a check whether the 'bo' pointer is NULL before dereferencing it (Kernel Patch).

If exploited, this vulnerability could lead to a denial of service (system crash) through a null pointer dereference in the VMware graphics driver. The impact is limited to availability with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed in the Linux kernel through a patch that adds a null pointer check. The fix has been backported to affected versions. Users should update their Linux kernel to versions that include the fix: beyond 6.11.10 or the latest stable release. The patch adds a WARN_ON check for null pointers and returns -EINVAL in case of null pointer detection (Kernel Patch).