5.5

CVE-2024-44980

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix opregion leak

Being part o the display, ideally the setup and cleanup would be done by
display itself. However this is a bigger refactor that needs to be done
on both i915 and xe. For now, just fix the leak:

unreferenced object 0xffff8881a0300008 (size 192):
  comm "modprobe", pid 4354, jiffies 4295647021
  hex dump (first 32 bytes):
    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...'............
    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................
  backtrace (crc 99260e31):
    [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80
    [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0
    [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]
    [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]
    [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]
    [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]
    [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0
    [<ffffffff81af8778>] pci_device_probe+0xc8/0x280
    [<ffffffff81d09048>] really_probe+0xf8/0x390
    [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170
    [<ffffffff81d09503>] driver_probe_device+0x23/0xb0
    [<ffffffff81d097b7>] __driver_attach+0xc7/0x190
    [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0
    [<ffffffff81d0851e>] driver_attach+0x1e/0x30
    [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250

(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.8 < 6.10.7
LinuxLinux Kernel Version6.11 Updaterc1
LinuxLinux Kernel Version6.11 Updaterc2
LinuxLinux Kernel Version6.11 Updaterc3
LinuxLinux Kernel Version6.11 Updaterc4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.058
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H