ghsa-rp89-9jxh-73fw
Vulnerability from github
Published
2024-09-27 15:30
Modified
2024-10-01 18:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/client: fix deadlock in show_meminfo()

There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix that by dropping the ref using xe_bo_put_deferred(), and moving the final commit outside of the lock. Dropping the lock around the put is tricky since the bo can go out of scope and delete itself from the list, making it difficult to navigate to the next list entry.

(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-46867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-27T13:15:17Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: fix deadlock in show_meminfo()\n\nThere is a real deadlock as well as sleeping in atomic() bug in here, if\nthe bo put happens to be the last ref, since bo destruction wants to\ngrab the same spinlock and sleeping locks.  Fix that by dropping the ref\nusing xe_bo_put_deferred(), and moving the final commit outside of the\nlock. Dropping the lock around the put is tricky since the bo can go\nout of scope and delete itself from the list, making it difficult to\nnavigate to the next list entry.\n\n(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)",
  "id": "GHSA-rp89-9jxh-73fw",
  "modified": "2024-10-01T18:31:17Z",
  "published": "2024-09-27T15:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46867"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.