cve/2024/CVE-2024-50096.md

### [CVE-2024-50096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50096)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5be73b690875f7eb2d2defb54ccd7f2f12074984%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy errorThe `nouveau_dmem_copy_one` function ensures that the copy push command issent to the device firmware but does not track whether it was executedsuccessfully.In the case of a copy error (e.g., firmware or hardware failure), thecopy push command will be sent via the firmware channel, and`nouveau_dmem_copy_one` will likely report success, leading to the`migrate_to_ram` function returning a dirty HIGH_USER page to the user.This can result in a security vulnerability, as a HIGH_USER page that maycontain sensitive or corrupted data could be returned to the user.To prevent this vulnerability, we allocate a zero page. Thus, in case ofan error, a non-dirty (zero) page will be returned to the user.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/w4zu/Debian_security