CVE-2024-50030
Oct. 25, 2024, 2:06 p.m.
7.8
High
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/ct: prevent UAF in send_recv()
Ensure we serialize with completion side to prevent UAF with fence going
out of scope on the stack, since we have no clue if it will fire after
the timeout before we can erase from the xa. Also we have some dependent
loads and stores for which we need the correct ordering, and we lack the
needed barriers. Fix this by grabbing the ct->lock after the wait, which
is also held by the completion side.
v2 (Badal):
- Also print done after acquiring the lock and seeing timeout.
(cherry picked from commit 52789ce35c55ccd30c4b67b9cc5b2af55e0122ea)
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Linux |
|
|
Weaknesses
CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
*CPE(s)
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| o | linux | linux_kernel | / | / | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.12 | rc1 | / | / | / | / | / | / |
| o | linux | linux_kernel | 6.12 | rc2 | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data
- Attack Vector: LOCAL
- Attack Complexity: LOW
- Privileges Required: LOW
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
View Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date
- Published: Oct. 21, 2024, 8:15 p.m.
- Last Modified: Oct. 25, 2024, 2:06 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
416baaa9-dc9f-4396-8d5f-8c081fb06d67
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.