Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-44982

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/09/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails<br /> <br /> If the dpu_format_populate_layout() fails, then FB is prepared, but not<br /> cleaned up. This ends up leaking the pin_count on the GEM object and<br /> causes a splat during DRM file closure:<br /> <br /> msm_obj-&gt;pin_count<br /> WARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc<br /> [...]<br /> Call trace:<br /> update_lru_locked+0xc4/0xcc<br /> put_pages+0xac/0x100<br /> msm_gem_free_object+0x138/0x180<br /> drm_gem_object_free+0x1c/0x30<br /> drm_gem_object_handle_put_unlocked+0x108/0x10c<br /> drm_gem_object_release_handle+0x58/0x70<br /> idr_for_each+0x68/0xec<br /> drm_gem_release+0x28/0x40<br /> drm_file_free+0x174/0x234<br /> drm_release+0xb0/0x160<br /> __fput+0xc0/0x2c8<br /> __fput_sync+0x50/0x5c<br /> __arm64_sys_close+0x38/0x7c<br /> invoke_syscall+0x48/0x118<br /> el0_svc_common.constprop.0+0x40/0xe0<br /> do_el0_svc+0x1c/0x28<br /> el0_svc+0x4c/0x120<br /> el0t_64_sync_handler+0x100/0x12c<br /> el0t_64_sync+0x190/0x194<br /> irq event stamp: 129818<br /> hardirqs last enabled at (129817): [] console_unlock+0x118/0x124<br /> hardirqs last disabled at (129818): [] el1_dbg+0x24/0x8c<br /> softirqs last enabled at (129808): [] handle_softirqs+0x4c8/0x4e8<br /> softirqs last disabled at (129785): [] __do_softirq+0x14/0x20<br /> <br /> Patchwork: https://patchwork.freedesktop.org/patch/600714/

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.19 (including) 5.15.166 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.107 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.48 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools