SecuriTricks - CVE-2024-53087

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix possible exec queue leak in exec IOCTL In a couple of places after an exec queue is looked up the exec IOCTL returns on input errors without dropping the exec queue ref. Fix this ensuring the exec queue ref is dropped on input error. (cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)

Product(s) Impacted

Vendor	Product	Versions
Linux	Linux Kernel	*, 6.12

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc1	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc2	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc3	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc4	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc5	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc6	/	/	/	/	/	/

References

https://git.kernel.org/stable/c/2f92b77a8ce043fbda2664d9be4b66bdc57f67b7

https://git.kernel.org/stable/c/af797b831d8975cb4610f396dcb7f03f4b9908e7

CVSS Score

5.5 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

View Vector String

Timeline

Published: Nov. 19, 2024, 6:15 p.m.
Last Modified: Nov. 27, 2024, 8:08 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE-2024-53087