CVE-2024-53087: drm/xe: Fix possible exec queue leak in exec IOCTL
First published: Tue Nov 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix possible exec queue leak in exec IOCTL In a couple of places after an exec queue is looked up the exec IOCTL returns on input errors without dropping the exec queue ref. Fix this ensuring the exec queue ref is dropped on input error. (cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.8<6.11.8 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 | |
| Linux Kernel | =6.12-rc6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/2f92b77a8ce043fbda2664d9be4b66bdc57f67b7
- https://git.kernel.org/stable/c/af797b831d8975cb4610f396dcb7f03f4b9908e7
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53087
- https://nvd.nist.gov/vuln/detail/CVE-2024-53087
- https://launchpad.net/bugs/cve/CVE-2024-53087
- https://security-tracker.debian.org/tracker/CVE-2024-53087
- https://ubuntu.com/security/CVE-2024-53087
- https://git.kernel.org/linus/af797b831d8975cb4610f396dcb7f03f4b9908e7
Frequently Asked Questions
What is the severity of CVE-2024-53087?
CVE-2024-53087 is classified as a moderate severity vulnerability in the Linux kernel.
What software is affected by CVE-2024-53087?
CVE-2024-53087 affects multiple versions of the Linux kernel, specifically between 6.8 and 6.11.8, as well as various 6.12 release candidates.
How do I fix CVE-2024-53087?
You can address CVE-2024-53087 by updating the Linux kernel to the latest stable version or applying the appropriate patches if available.
What type of vulnerability is CVE-2024-53087?
CVE-2024-53087 is an execution flow vulnerability due to a potential exec queue leak in the Linux kernel.
Can CVE-2024-53087 be exploited remotely?
CVE-2024-53087 does not appear to be a remote exploit vulnerability, but it could potentially be exploited locally by a user with access to the system.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-cve
- agent/source
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.8
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5
- version/linux kernel/6.12-rc6
- package-manager/debian