CVE-2024-49570

Feb. 27, 2025, 6:15 p.m.

7.8
High

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF The commit afd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format") exposes potential UAFs in the xe_bo_move trace event. Fix those by avoiding dereferencing the xe_mem_type_to_name[] array at TP_printk time. Since some code refactoring has taken place, explicit backporting may be needed for kernels older than 6.10.

Product(s) Impacted

Product Versions
Linux kernel
  • ['6.10 and newer']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://git.kernel.org/stable/c/07089083a526ea19daa72a1edf9d6e209615b77c
https://git.kernel.org/stable/c/62cd174616ae3bf8a6cf468718f1ae74e5a07727
https://git.kernel.org/stable/c/c9402da34611e1039ecccba3c1481c4866f7ca64

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-416
2025-02-27
CVE-2024-49570

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Feb. 27, 2025, 3:15 a.m.
Last Modified: Feb. 27, 2025, 6:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.