CVE-2024-46867
Oct. 1, 2024, 5:09 p.m.
5.5
Medium
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/client: fix deadlock in show_meminfo()
There is a real deadlock as well as sleeping in atomic() bug in here, if
the bo put happens to be the last ref, since bo destruction wants to
grab the same spinlock and sleeping locks. Fix that by dropping the ref
using xe_bo_put_deferred(), and moving the final commit outside of the
lock. Dropping the lock around the put is tricky since the bo can go
out of scope and delete itself from the list, making it difficult to
navigate to the next list entry.
(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Linux |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-667
Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| o | linux | linux_kernel | / | / | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc1 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc2 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc3 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc4 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc5 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc6 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.11 | rc7 | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: LOW
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Timeline
Published: Sept. 27, 2024, 1:15 p.m.
Last Modified: Oct. 1, 2024, 5:09 p.m.
Last Modified: Oct. 1, 2024, 5:09 p.m.
Status : Analyzed
CVE has had analysis completed and all data associations made.
More infoSource
416baaa9-dc9f-4396-8d5f-8c081fb06d67
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.