ghsa-j7v5-x62w-r9x3
Vulnerability from github
Published
2024-11-08 06:30
Modified
2024-11-27 21:32
Severity ?
Details
In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: Fix race when converting group handle to group object
XArray provides it's own internal lock which protects the internal array when entries are being simultaneously added and removed. However there is still a race between retrieving the pointer from the XArray and incrementing the reference count.
To avoid this race simply hold the internal XArray lock when incrementing the reference count, this ensures there cannot be a racing call to xa_erase().
{ "affected": [], "aliases": [ "CVE-2024-50174" ], "database_specific": { "cwe_ids": [ "CWE-362" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-11-08T06:15:14Z", "severity": "MODERATE" }, "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix race when converting group handle to group object\n\nXArray provides it\u0027s own internal lock which protects the internal array\nwhen entries are being simultaneously added and removed. However there\nis still a race between retrieving the pointer from the XArray and\nincrementing the reference count.\n\nTo avoid this race simply hold the internal XArray lock when\nincrementing the reference count, this ensures there cannot be a racing\ncall to xa_erase().", "id": "GHSA-j7v5-x62w-r9x3", "modified": "2024-11-27T21:32:43Z", "published": "2024-11-08T06:30:48Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50174" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/44742138d151c3a945460ae7beff8ae45ac0bf58" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/8a585d553c11965332d7a2d74e79ef92a42bfc87" }, { "type": "WEB", "url": "https://git.kernel.org/stable/c/cac075706f298948898b1f63e81709df42afa75d" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.