In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Remove rcu locks from user resources
User resource lookups used rcu to avoid two extra atomics. Unfortunately
the rcu paths were buggy and it was easy to make the driver crash by
submitting command buffers from two different threads. Because the
lookups never show up in performance profiles replace them with a
regular spin lock which fixes the races in accesses to those shared
resources.
Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and
seen crashes with apps using shared resources.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Sep 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-362 | |
Metrics |
threat_severity
|
threat_severity
|
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 06 Sep 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel |
Wed, 21 Aug 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Wed, 21 Aug 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was easy to make the driver crash by submitting command buffers from two different threads. Because the lookups never show up in performance profiles replace them with a regular spin lock which fixes the races in accesses to those shared resources. Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and seen crashes with apps using shared resources. | |
Title | drm/vmwgfx: Remove rcu locks from user resources | |
References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-08-21T06:10:19.073Z
Updated: 2024-12-19T08:09:52.796Z
Reserved: 2024-08-21T06:06:23.290Z
Link: CVE-2022-48887
Vulnrichment
Updated: 2024-09-11T12:42:11.773Z
NVD
Status : Analyzed
Published: 2024-08-21T07:15:05.143
Modified: 2024-09-06T14:55:46.460
Link: CVE-2022-48887
Redhat