CVE-2024-42263: drm/v3d: Fix potential memory leak in the timestamp extension
First published: Sat Aug 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the timestamp extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drm_syncobj_put. Fix it by exporting and using a common cleanup helper. (cherry picked from commit 753ce4fea62182c77e1691ab4f9022008f25b62e)
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.8<6.10.4 | |
| Linux Kernel | =6.11-rc1 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/0e50fcc20bd87584840266e8004f9064a8985b4f
- https://git.kernel.org/stable/c/9b5033ee2c5af6d1135a403df32d219ab57e55f9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42263
- https://nvd.nist.gov/vuln/detail/CVE-2024-42263
- https://launchpad.net/bugs/cve/CVE-2024-42263
- https://security-tracker.debian.org/tracker/CVE-2024-42263
- https://ubuntu.com/security/CVE-2024-42263
- https://git.kernel.org/linus/0e50fcc20bd87584840266e8004f9064a8985b4f
Frequently Asked Questions
What is the severity of CVE-2024-42263?
CVE-2024-42263 has a high severity due to the potential memory leak in the Linux kernel's DRM subsystem.
How do I fix CVE-2024-42263?
You can fix CVE-2024-42263 by updating to the latest patched version of the Linux kernel that addresses this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-42263?
CVE-2024-42263 affects Linux kernel versions between 6.8 and 6.10.4, as well as version 6.11-rc1.
What type of vulnerability is CVE-2024-42263?
CVE-2024-42263 is a memory leak vulnerability in the DRM component of the Linux kernel.
Can CVE-2024-42263 be exploited remotely?
CVE-2024-42263 is primarily an issue within the local execution context of the Linux kernel, making remote exploitation less likely.
- agent/title
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.8
- version/linux kernel/6.11-rc1
- package-manager/debian