fkie_cve-2024-57844
Vulnerability from fkie_nvd
Published
2025-01-15 13:15
Modified
2025-10-17 17:17
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drm_dev_enter()/drm_dev_exit(). This fixes the following page fault: <6> [IGT] xe_wedged: exiting, ret=98 <1> BUG: unable to handle page fault for address: ffffc901bc5e508c <1> #PF: supervisor read access in kernel mode <1> #PF: error_code(0x0000) - not-present page ... <4> xe_lrc_update_timestamp+0x1c/0xd0 [xe] <4> xe_exec_queue_update_run_ticks+0x50/0xb0 [xe] <4> xe_exec_queue_fini+0x16/0xb0 [xe] <4> __guc_exec_queue_fini_async+0xc4/0x190 [xe] <4> guc_exec_queue_fini_async+0xa0/0xe0 [xe] <4> guc_exec_queue_fini+0x23/0x40 [xe] <4> xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> xe_file_close+0xd4/0x1a0 [xe] <4> drm_file_free+0x210/0x280 [drm] <4> drm_close_helper.isra.0+0x6d/0x80 [drm] <4> drm_release_noglobal+0x20/0x90 [drm] (cherry picked from commit 4ca1fd418338d4d135428a0eb1e16e3b3ce17ee8)
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51AF98D0-F3AA-4960-8230-B6DE6A952104",
              "versionEndExcluding": "6.12.9",
              "versionStartIncluding": "6.12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:-:*:*:*:*:*:*",
              "matchCriteriaId": "0E698080-7669-4132-8817-4C674EEBCE54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "1EF8CD82-1EAE-4254-9545-F85AB94CF90F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix fault on fd close after unbind\n\nIf userspace holds an fd open, unbinds the device and then closes it,\nthe driver shouldn\u0027t try to access the hardware. Protect it by using\ndrm_dev_enter()/drm_dev_exit(). This fixes the following page fault:\n\n\u003c6\u003e [IGT] xe_wedged: exiting, ret=98\n\u003c1\u003e BUG: unable to handle page fault for address: ffffc901bc5e508c\n\u003c1\u003e #PF: supervisor read access in kernel mode\n\u003c1\u003e #PF: error_code(0x0000) - not-present page\n...\n\u003c4\u003e   xe_lrc_update_timestamp+0x1c/0xd0 [xe]\n\u003c4\u003e   xe_exec_queue_update_run_ticks+0x50/0xb0 [xe]\n\u003c4\u003e   xe_exec_queue_fini+0x16/0xb0 [xe]\n\u003c4\u003e   __guc_exec_queue_fini_async+0xc4/0x190 [xe]\n\u003c4\u003e   guc_exec_queue_fini_async+0xa0/0xe0 [xe]\n\u003c4\u003e   guc_exec_queue_fini+0x23/0x40 [xe]\n\u003c4\u003e   xe_exec_queue_destroy+0xb3/0xf0 [xe]\n\u003c4\u003e   xe_file_close+0xd4/0x1a0 [xe]\n\u003c4\u003e   drm_file_free+0x210/0x280 [drm]\n\u003c4\u003e   drm_close_helper.isra.0+0x6d/0x80 [drm]\n\u003c4\u003e   drm_release_noglobal+0x20/0x90 [drm]\n\n(cherry picked from commit 4ca1fd418338d4d135428a0eb1e16e3b3ce17ee8)"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: Se corrige un error en el cierre de fd despu\u00e9s de desvincular Si el espacio de usuario mantiene abierto un fd, desvincula el dispositivo y luego lo cierra, el controlador no deber\u00eda intentar acceder al hardware. Prot\u00e9jalo usando drm_dev_enter()/drm_dev_exit(). Esto corrige el siguiente error de p\u00e1gina: \u0026lt;6\u0026gt; [IGT] xe_wedged: saliendo, ret=98 \u0026lt;1\u0026gt; ERROR: no se puede gestionar el error de p\u00e1gina para la direcci\u00f3n: ffffc901bc5e508c \u0026lt;1\u0026gt; #PF: acceso de lectura del supervisor en modo kernel \u0026lt;1\u0026gt; #PF: error_code(0x0000) - not-present page ... \u0026lt;4\u0026gt; xe_lrc_update_timestamp+0x1c/0xd0 [xe] \u0026lt;4\u0026gt; xe_exec_queue_update_run_ticks+0x50/0xb0 [xe] \u0026lt;4\u0026gt; xe_exec_queue_fini+0x16/0xb0 [xe] \u0026lt;4\u0026gt; __guc_exec_queue_fini_async+0xc4/0x190 [xe] \u0026lt;4\u0026gt; guc_exec_queue_fini_async+0xa0/0xe0 [xe] \u0026lt;4\u0026gt; guc_exec_queue_fini+0x23/0x40 [xe] \u0026lt;4\u0026gt; xe_exec_queue_destroy+0xb3/0xf0 [xe] \u0026lt;4\u0026gt; xe_file_close+0xd4/0x1a0 [xe] \u0026lt;4\u0026gt; drm_file_free+0x210/0x280 [drm] \u0026lt;4\u0026gt; drm_close_helper.isra.0+0x6d/0x80 [drm] \u0026lt;4\u0026gt; drm_release_noglobal+0x20/0x90 [drm] (seleccionado de el commit 4ca1fd418338d4d135428a0eb1e16e3b3ce17ee8)"
    }
  ],
  "id": "CVE-2024-57844",
  "lastModified": "2025-10-17T17:17:06.587",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-01-15T13:15:12.277",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/924d43bd10a1f6723ac5181a6e6cc2196ba98cdd"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/fe39b222a4139354d32ff9d46b88757f63f71d63"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…