CVE-2024-46866

{"id": "CVE-2024-46866", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-27T13:15:17.887", "references": [{"url": "https://git.kernel.org/stable/c/94c4aa266111262c96c98f822d1bccc494786fee", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/abc8feacacf8fae10eecf6fea7865e8c1fee419c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-667"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/client: add missing bo locking in show_meminfo()\n\nbo_meminfo() wants to inspect bo state like tt and the ttm resource,\nhowever this state can change at any point leading to stuff like NPD and\nUAF, if the bo lock is not held. Grab the bo lock when calling\nbo_meminfo(), ensuring we drop any spinlocks first. In the case of\nobject_idr we now also need to hold a ref.\n\nv2 (MattB)\n - Also add xe_bo_assert_held()\n\n(cherry picked from commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/client: a\u00f1adir bloqueo de bo faltante en show_meminfo() bo_meminfo() quiere inspeccionar el estado de bo como tt y el recurso ttm, sin embargo, este estado puede cambiar en cualquier momento y provocar problemas como NPD y UAF, si no se mantiene el bloqueo de bo. Toma el bloqueo de bo al llamar a bo_meminfo(), asegur\u00e1ndote de que eliminamos primero cualquier spinlock. En el caso de object_idr, ahora tambi\u00e9n necesitamos mantener una referencia. v2 (MattB) - Tambi\u00e9n a\u00f1ade xe_bo_assert_held() (seleccionado de el commit 4f63d712fa104c3ebefcb289d1e733e86d8698c7)"}], "lastModified": "2024-10-01T17:09:30.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E37B0F4-93E6-45B2-A53B-7C2917892296", "versionEndExcluding": "6.10.11", "versionStartIncluding": "6.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE5298B3-04B4-4F3E-B186-01A58B5C75A6"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}