In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was easy to make the driver crash by submitting command buffers from two different threads. Because the lookups never show up in performance profiles replace them with a regular spin lock which fixes the races in accesses to those shared resources. Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and seen crashes with apps using shared resources.
History

Wed, 11 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
Metrics threat_severity

Moderate

threat_severity

Low


Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Sep 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Wed, 21 Aug 2024 21:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 21 Aug 2024 06:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was easy to make the driver crash by submitting command buffers from two different threads. Because the lookups never show up in performance profiles replace them with a regular spin lock which fixes the races in accesses to those shared resources. Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and seen crashes with apps using shared resources.
Title drm/vmwgfx: Remove rcu locks from user resources
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-08-21T06:10:19.073Z

Updated: 2024-12-19T08:09:52.796Z

Reserved: 2024-08-21T06:06:23.290Z

Link: CVE-2022-48887

cve-icon Vulnrichment

Updated: 2024-09-11T12:42:11.773Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-21T07:15:05.143

Modified: 2024-09-06T14:55:46.460

Link: CVE-2022-48887

cve-icon Redhat

Severity : Low

Publid Date: 2024-08-21T00:00:00Z

Links: CVE-2022-48887 - Bugzilla