2324337 – (CVE-2024-50149) CVE-2024-50149 kernel: drm/xe: Don't free job in TDR

Bug 2324337 (CVE-2024-50149) - CVE-2024-50149 kernel: drm/xe: Don't free job in TDR

Summary: CVE-2024-50149 kernel: drm/xe: Don't free job in TDR

Keywords:
Status:	NEW
Alias:	CVE-2024-50149
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2324382
Blocks:
TreeView+	depends on / blocked

Reported:	2024-11-07 10:02 UTC by OSIDB Bzimport
Modified:	2024-11-18 11:39 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-11-07 10:02:44 UTC

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Don't free job in TDR

Freeing job in TDR is not safe as TDR can pass the run_job thread
resulting in UAF. It is only safe for free job to naturally be called by
the scheduler. Rather free job in TDR, add to pending list.

(cherry picked from commit ea2f6a77d0c40d97f4a4dc93fee4afe15d94926d)

Comment 1 Robb Gatica 2024-11-07 15:50:36 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024110744-CVE-2024-50149-8ac4@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.