216.73.217.80

CVE-2024-46866

· Published 27/09/2024 13:15 · Modified 01/10/2024 17:09

Labels: CVE-2024-46866 2024-09-27416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2024-46866CWE-667

Essential information

Published
27/09/2024 13:15
Modified
01/10/2024 17:09
Author
Creator
CVSS
5.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in show_meminfo() bo_meminfo() wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab the bo lock when calling bo_meminfo(), ensuring we drop any spinlocks first. In the case of object_idr we now also need to hold a ref. v2 (MattB) - Also add xe_bo_assert_held() (cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux kernel cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*
linux / linux kernel cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*

References