NVD Vulnerability Detail

CVE-2024-43867

Summary	In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing ttm_bo) leads to a refcount underflow. Instead of calling nouveau_bo_ref() in the unwind path of drm_gem_object_init(), clean things up manually. (cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5)
Publication Date	Aug. 21, 2024, 9:15 a.m.
Registration Date	Aug. 26, 2024, 4:59 p.m.
Last Update	Aug. 21, 2024, 9:30 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef
2	https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf
3	https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6
4	https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10
5	https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320
6	https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f
7	https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95

Common Vulnerabilities List

JVN Vulnerability Information

Linux の Linux Kernel における整数アンダーフローの脆弱性

Title	Linux の Linux Kernel における整数アンダーフローの脆弱性
Summary	Linux の Linux Kernel には、整数アンダーフローの脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 22, 2024, midnight
Registration Date	Oct. 6, 2025, 5:47 p.m.
Last Update	Oct. 6, 2025, 5:47 p.m.

Affected System

Linux

Linux Kernel 3.9 以上 5.4.282 未満

Linux Kernel 5.11 以上 5.15.165 未満

Linux Kernel 5.16 以上 6.1.104 未満

Linux Kernel 5.5 以上 5.10.224 未満

Linux Kernel 6.11

Linux Kernel 6.2 以上 6.6.45 未満

Linux Kernel 6.7 以上 6.10.4 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-43867	https://www.cve.org/CVERecord?id=CVE-2024-43867
National Vulnerability Database (NVD)
2	CVE-2024-43867	https://nvd.nist.gov/vuln/detail/CVE-2024-43867

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-191	https://cwe.mitre.org/data/definitions/191.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	drm/nouveau: prime: fix refcount underflow (1699876)	https://git.kernel.org/stable/c/16998763c62bb465ebc409d0373b9cdcef1a61a6
2	drm/nouveau: prime: fix refcount underflow (2a1b327)	https://git.kernel.org/stable/c/2a1b327d57a8ac080977633a18999f032d7e9e3f
3	drm/nouveau: prime: fix refcount underflow (3bcb8bb)	https://git.kernel.org/stable/c/3bcb8bba72ce89667fa863054956267c450c47ef
4	drm/nouveau: prime: fix refcount underflow (906372e)	https://git.kernel.org/stable/c/906372e753c5027a1dc88743843b6aa2ad1aaecf
5	drm/nouveau: prime: fix refcount underflow (a9bf3ef)	https://git.kernel.org/stable/c/a9bf3efc33f1fbf88787a277f7349459283c9b95
6	drm/nouveau: prime: fix refcount underflow (ebebba4)	https://git.kernel.org/stable/c/ebebba4d357b6c67f96776a48ddbaf0060fa4c10
7	drm/nouveau: prime: fix refcount underflow (f23cd66)	https://git.kernel.org/stable/c/f23cd66933fe76b84d8e282e5606b4d99068c320
Linux Kernel
8	Linux Kernel Archives	https://www.kernel.org

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-25-226-07	https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
JVN
2	JVNVU#92169998	https://jvn.jp/vu/JVNVU92169998/

Change Log

No	Changed Details	Date of change
1	[2025年10月01日] 掲載	Oct. 1, 2025, 3:39 p.m.