CVE-2024-53087

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix possible exec queue leak in exec IOCTL In a couple of places after an exec queue is looked up the exec IOCTL returns on input errors without dropping the exec queue ref. Fix this ensuring the exec queue ref is dropped on input error. (cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2f92b77a8ce043fbda2664d9be4b66bdc57f67b7	Patch
https://git.kernel.org/stable/c/af797b831d8975cb4610f396dcb7f03f4b9908e7	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.12:rc6::::::

History

No history.

Information

Published : 2024-11-19 18:15

Updated : 2024-11-27 20:08

NVD link : CVE-2024-53087

Mitre link : CVE-2024-53087

CVE.ORG link : CVE-2024-53087

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2024-53087", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-11-19T18:15:27.883", "references": [{"url": "https://git.kernel.org/stable/c/2f92b77a8ce043fbda2664d9be4b66bdc57f67b7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/af797b831d8975cb4610f396dcb7f03f4b9908e7", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix possible exec queue leak in exec IOCTL\n\nIn a couple of places after an exec queue is looked up the exec IOCTL\nreturns on input errors without dropping the exec queue ref. Fix this\nensuring the exec queue ref is dropped on input error.\n\n(cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: Se corrige una posible p\u00e9rdida de cola de ejecuci\u00f3n en la IOCTL de ejecuci\u00f3n. En un par de lugares, despu\u00e9s de que se busca una cola de ejecuci\u00f3n, la IOCTL de ejecuci\u00f3n devuelve errores de entrada sin descartar la referencia de la cola de ejecuci\u00f3n. Se soluciona este problema asegur\u00e1ndose de descartar la referencia de la cola de ejecuci\u00f3n en caso de error de entrada. (seleccionado de el commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)"}], "lastModified": "2024-11-27T20:08:11.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24AB354E-701F-4D6C-8B18-A0BBA5C21C30", "versionEndExcluding": "6.11.8", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}