CVE-2024-58018: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability was discovered in the GSP cmdq buffer handling within the nouveau driver. The issue occurs in r535gspcmdq_push() function when handling large RPC requests, where it incorrectly calculates the available space in the GSP cmdq buffer. The vulnerability was disclosed on February 26, 2025, affecting the Linux kernel's nouveau graphics driver (NVD, Kernel Git).

The vulnerability stems from r535gspcmdqpush() incorrectly calculating available buffer pages. When handling large RPC requests, the function waits for available pages in the GSP cmdq buffer. Upon finding at least one available page, it exits the waiting state with the count of free buffer pages. However, it incorrectly takes the [write pointer, bufsize) range as available buffer pages before rolling back, leading to a wrong calculation of the data copy size (Kernel Git).

This vulnerability can cause the overwriting of RPC requests that GSP is currently reading, resulting in GSP hangs due to corrupted RPC requests. This leads to system stability issues and potential service disruptions when using the affected nouveau driver (Kernel Git).

The issue has been fixed by modifying the calculation of available buffer pages. The patch calculates the available buffer page before rolling back, based on the result from the waiting state. The fix involves adding a new step variable and properly calculating the size based on the available free space (Kernel Git).