CVE-2024-49876

EPSS 0.03%
Published 21.10.2024 18:15:09
Last modified 24.10.2024 19:57:06
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: fix UAF around queue destruction

We currently do stuff like queuing the final destruction step on a
random system wq, which will outlive the driver instance. With bad
timing we can teardown the driver with one or more work workqueue still
being alive leading to various UAF splats. Add a fini step to ensure
user queues are properly torn down. At this point GuC should already be
nuked so queue itself should no longer be referenced from hw pov.

v2 (Matt B)
 - Looks much safer to use a waitqueue and then just wait for the
   xa_array to become empty before triggering the drain.

(cherry picked from commit 861108666cc0e999cffeab6aff17b662e68774e3)

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.8 < 6.10.14

Linux ≫ Linux Kernel Version >= 6.11 < 6.11.3

Linux ≫ Linux Kernel Version6.12 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.07

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/272b0e78874586d6ccae04079d75b27b47705544

Patch

https://git.kernel.org/stable/c/2d2be279f1ca9e7288282d4214f16eea8a727cdb

Patch

https://git.kernel.org/stable/c/421c74670b0f9d5c007f1276d3647aa58f407fde

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-49876

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-49876

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-49876

EUVD