ghsa-4p6c-9pp4-835h
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
drm/vc4: Stop the active perfmon before being destroyed
Upon closing the file descriptor, the active performance monitor is not
stopped. Although all perfmons are destroyed in vc4_perfmon_close_file()
,
the active performance monitor's pointer (vc4->active_perfmon
) is still
retained.
If we open a new file descriptor and submit a few jobs with performance
monitors, the driver will attempt to stop the active performance monitor
using the stale pointer in vc4->active_perfmon
. However, this pointer
is no longer valid because the previous process has already terminated,
and all performance monitors associated with it have been destroyed and
freed.
To fix this, when the active performance monitor belongs to a given process, explicitly stop it before destroying and freeing it.
{ "affected": [], "aliases": [ "CVE-2024-50187" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-11-08T06:15:15Z", "severity": "MODERATE" }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Stop the active perfmon before being destroyed\n\nUpon closing the file descriptor, the active performance monitor is not\nstopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`,\nthe active performance monitor\u0027s pointer (`vc4-\u003eactive_perfmon`) is still\nretained.\n\nIf we open a new file descriptor and submit a few jobs with performance\nmonitors, the driver will attempt to stop the active performance monitor\nusing the stale pointer in `vc4-\u003eactive_perfmon`. However, this pointer\nis no longer valid because the previous process has already terminated,\nand all performance monitors associated with it have been destroyed and\nfreed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it.", "id": "GHSA-4p6c-9pp4-835h", "modified": "2024-11-28T00:39:25Z", "published": "2024-11-08T06:30:48Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50187" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/0b2ad4f6f2bec74a5287d96cb2325a5e11706f22" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/75452da51e2403e14be007df80d133e1443fc967" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/937943c042503dc6087438bf3557f9057a588ba0" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/c9adba739d5f7cdc47a7754df4a17b47b1ecf513" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.