cve-2024-50174
Vulnerability from cvelistv5
Published
2024-11-08 05:23
Modified
2024-12-19 09:34
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object XArray provides it's own internal lock which protects the internal array when entries are being simultaneously added and removed. However there is still a race between retrieving the pointer from the XArray and incrementing the reference count. To avoid this race simply hold the internal XArray lock when incrementing the reference count, this ensures there cannot be a racing call to xa_erase().
Impacted products
Vendor Product Version
Linux Linux Version: 6.10
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/panthor/panthor_sched.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8a585d553c11965332d7a2d74e79ef92a42bfc87",
              "status": "affected",
              "version": "de85488138247d034eb3241840424a54d660926b",
              "versionType": "git"
            },
            {
              "lessThan": "44742138d151c3a945460ae7beff8ae45ac0bf58",
              "status": "affected",
              "version": "de85488138247d034eb3241840424a54d660926b",
              "versionType": "git"
            },
            {
              "lessThan": "cac075706f298948898b1f63e81709df42afa75d",
              "status": "affected",
              "version": "de85488138247d034eb3241840424a54d660926b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/panthor/panthor_sched.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix race when converting group handle to group object\n\nXArray provides it\u0027s own internal lock which protects the internal array\nwhen entries are being simultaneously added and removed. However there\nis still a race between retrieving the pointer from the XArray and\nincrementing the reference count.\n\nTo avoid this race simply hold the internal XArray lock when\nincrementing the reference count, this ensures there cannot be a racing\ncall to xa_erase()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:34:39.117Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8a585d553c11965332d7a2d74e79ef92a42bfc87"
        },
        {
          "url": "https://git.kernel.org/stable/c/44742138d151c3a945460ae7beff8ae45ac0bf58"
        },
        {
          "url": "https://git.kernel.org/stable/c/cac075706f298948898b1f63e81709df42afa75d"
        }
      ],
      "title": "drm/panthor: Fix race when converting group handle to group object",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50174",
    "datePublished": "2024-11-08T05:23:56.752Z",
    "dateReserved": "2024-10-21T19:36:19.963Z",
    "dateUpdated": "2024-12-19T09:34:39.117Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50174\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-08T06:15:14.923\",\"lastModified\":\"2024-11-27T20:20:53.467\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ndrm/panthor: Fix race when converting group handle to group object\\n\\nXArray provides it\u0027s own internal lock which protects the internal array\\nwhen entries are being simultaneously added and removed. However there\\nis still a race between retrieving the pointer from the XArray and\\nincrementing the reference count.\\n\\nTo avoid this race simply hold the internal XArray lock when\\nincrementing the reference count, this ensures there cannot be a racing\\ncall to xa_erase().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/panthor: Se corrige la ejecuci\u00f3n al convertir el identificador de grupo en un objeto de grupo XArray proporciona su propio bloqueo interno que protege la matriz interna cuando se agregan y eliminan entradas simult\u00e1neamente. Sin embargo, todav\u00eda hay una ejecuci\u00f3n entre recuperar el puntero de XArray e incrementar el recuento de referencias. Para evitar esta ejecuci\u00f3n, simplemente mantenga el bloqueo interno de XArray al incrementar el recuento de referencias, esto garantiza que no pueda haber una llamada de ejecuci\u00f3n a xa_erase().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.10\",\"versionEndExcluding\":\"6.10.14\",\"matchCriteriaId\":\"20A9A1A8-B921-4FB1-BC2B-00E240DE3643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.11\",\"versionEndExcluding\":\"6.11.3\",\"matchCriteriaId\":\"54D9C704-D679-41A7-9C40-10A6B1E7FFE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/44742138d151c3a945460ae7beff8ae45ac0bf58\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8a585d553c11965332d7a2d74e79ef92a42bfc87\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cac075706f298948898b1f63e81709df42afa75d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.