CVE-2024-46866

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in show_meminfo() bo_meminfo() wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab the bo lock when calling bo_meminfo(), ensuring we drop any spinlocks first. In the case of object_idr we now also need to hold a ref. v2 (MattB) - Also add xe_bo_assert_held() (cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee	Patch
https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc7::::::

History

No history.

Information

Published : 2024-09-27 13:15

Updated : 2024-10-01 17:09

NVD link : CVE-2024-46866

Mitre link : CVE-2024-46866

CVE.ORG link : CVE-2024-46866

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-667

Improper Locking

{"id": "CVE-2024-46866", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-27T13:15:17.887", "references": [{"url": "https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/client: a\u00f1adir bloqueo de bo faltante en show_meminfo() bo_meminfo() quiere inspeccionar el estado de bo como tt y el recurso ttm, sin embargo, este estado puede cambiar en cualquier momento y provocar problemas como NPD y UAF, si no se mantiene el bloqueo de bo. Toma el bloqueo de bo al llamar a bo_meminfo(), asegur\u00e1ndote de que eliminamos primero cualquier spinlock. En el caso de object_idr, ahora tambi\u00e9n necesitamos mantener una referencia. v2 (MattB) - Tambi\u00e9n a\u00f1ade xe_bo_assert_held() (seleccionado de el commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)"}], "lastModified": "2024-10-01T17:09:30.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E37B0F4-93E6-45B2-A53B-7C2917892296", "versionEndExcluding": "6.10.11", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE5298B3-04B4-4F3E-B186-01A58B5C75A6"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}