2315218 – (CVE-2024-46866) CVE-2024-46866 kernel: drm/xe/client: add missing bo locking in show_meminfo()

Bug 2315218 (CVE-2024-46866) - CVE-2024-46866 kernel: drm/xe/client: add missing bo locking in show_meminfo()

Summary: CVE-2024-46866 kernel: drm/xe/client: add missing bo locking in show_meminfo()

Keywords:
Status:	NEW
Alias:	CVE-2024-46866
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2315237
Blocks:
TreeView+	depends on / blocked

Reported:	2024-09-27 13:23 UTC by OSIDB Bzimport
Modified:	2024-10-02 14:42 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-09-27 13:23:32 UTC

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/client: add missing bo locking in show_meminfo()

bo_meminfo() wants to inspect bo state like tt and the ttm resource,
however this state can change at any point leading to stuff like NPD and
UAF, if the bo lock is not held. Grab the bo lock when calling
bo_meminfo(), ensuring we drop any spinlocks first. In the case of
object_idr we now also need to hold a ref.

v2 (MattB)
  - Also add xe_bo_assert_held()

(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)

Comment 1 Robb Gatica 2024-09-27 14:23:58 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024092746-CVE-2024-46866-c414@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.