In the Linux kernel, the following vulnerability has been resolved:
drm/xe/client: add missing bo locking in show_meminfo()
bo_meminfo() wants to inspect bo state like tt and the ttm resource,
however this state can change at any point leading to stuff like NPD and
UAF, if the bo lock is not held. Grab the bo lock when calling
bo_meminfo(), ensuring we drop any spinlocks first. In the case of
object_idr we now also need to hold a ref.
v2 (MattB)
- Also add xe_bo_assert_held()
(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)
Metrics
Affected Vendors & Products
References
History
Tue, 01 Oct 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:* |
Tue, 01 Oct 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | CWE-667 | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linux
Linux linux Kernel |
Tue, 01 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-413 |
Sun, 29 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 28 Sep 2024 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Fri, 27 Sep 2024 12:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in show_meminfo() bo_meminfo() wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab the bo lock when calling bo_meminfo(), ensuring we drop any spinlocks first. In the case of object_idr we now also need to hold a ref. v2 (MattB) - Also add xe_bo_assert_held() (cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7) | |
Title | drm/xe/client: add missing bo locking in show_meminfo() | |
References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-09-27T12:42:54.381Z
Updated: 2024-12-19T09:25:02.565Z
Reserved: 2024-09-11T15:12:18.294Z
Link: CVE-2024-46866
Vulnrichment
Updated: 2024-09-29T13:41:41.019Z
NVD
Status : Analyzed
Published: 2024-09-27T13:15:17.887
Modified: 2024-10-01T17:09:30.000
Link: CVE-2024-46866
Redhat