CVE-2024-50149: drm/xe: Don't free job in TDR
First published: Thu Nov 07 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the run_job thread resulting in UAF. It is only safe for free job to naturally be called by the scheduler. Rather free job in TDR, add to pending list. (cherry picked from commit ea2f6a77d0c40d97f4a4dc93fee4afe15d94926d)
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.10<6.11.6 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/be8fe75e57f8fa3f87e3b1c283cc7cd9f9b80867
- https://git.kernel.org/stable/c/82926f52d7a09c65d916c0ef8d4305fc95d68c0c
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50149
- https://nvd.nist.gov/vuln/detail/CVE-2024-50149
- https://launchpad.net/bugs/cve/CVE-2024-50149
- https://security-tracker.debian.org/tracker/CVE-2024-50149
- https://ubuntu.com/security/CVE-2024-50149
- https://git.kernel.org/linus/82926f52d7a09c65d916c0ef8d4305fc95d68c0c
Frequently Asked Questions
What is the severity of CVE-2024-50149?
CVE-2024-50149 is classified as a high severity vulnerability due to the potential for use-after-free conditions in the Linux kernel.
How do I fix CVE-2024-50149?
To fix CVE-2024-50149, update the Linux kernel to version 6.12 or later, or to the latest stable release beyond 6.11.6.
What versions of the Linux kernel are affected by CVE-2024-50149?
CVE-2024-50149 affects Linux kernel versions from 6.10 up to 6.11.6 and includes 6.12 release candidates (rc1, rc2, rc3).
What is the impact of CVE-2024-50149 on systems?
The impact of CVE-2024-50149 may lead to system instability and potential exploitation through use-after-free vulnerabilities.
Who should be concerned about CVE-2024-50149?
System administrators and users running the affected versions of the Linux kernel should be concerned about CVE-2024-50149 and take action to mitigate the risk.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- agent/references
- agent/source
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.10
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- package-manager/debian