Executive Summary

Informations
Name CVE-2024-46683 First vendor Publication 2024-09-13
Vendor Cve Last vendor Modification 2024-09-13

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score 7.8
Base Score 7.8 Environmental Score 7.8
impact SubScore 5.9 Temporal Score 7.8
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: prevent UAF around preempt fence

The fence lock is part of the queue, therefore in the current design anything locking the fence should then also hold a ref to the queue to prevent the queue from being freed.

However, currently it looks like we signal the fence and then drop the queue ref, but if something is waiting on the fence, the waiter is kicked to wake up at some later point, where upon waking up it first grabs the lock before checking the fence state. But if we have already dropped the queue ref, then the lock might already be freed as part of the queue, leading to uaf.

To prevent this, move the fence lock into the fence itself so we don't run into lifetime issues. Alternative might be to have device level lock, or only release the queue in the fence release callback, however that might require pushing to another worker to avoid locking issues.

References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454 References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342 References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020 (cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b)

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46683

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-416 Use After Free

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3604

Sources (Detail)

https://git.kernel.org/stable/c/10081b0b0ed201f53e24bd92deb2e0f3c3e713d4
https://git.kernel.org/stable/c/730b72480e29f63fd644f5fa57c9d46109428953
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2024-10-03 02:53:42
  • Multiple Updates
2024-10-02 02:52:06
  • Multiple Updates
2024-09-14 21:29:41
  • Multiple Updates
2024-09-14 02:48:00
  • Multiple Updates
2024-09-14 02:47:05
  • Multiple Updates
2024-09-13 21:27:35
  • Multiple Updates
2024-09-13 13:27:27
  • First insertion