CVE-2024-46867

MEDIUM

Linux Kernel 6.8-6.10.10 - Deadlock in drm/xe/client show_meminfo

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo() There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix that by dropping the ref using xe_bo_put_deferred(), and moving the final commit outside of the lock. Dropping the lock around the put is tricky since the bo can go out of scope and delete itself from the list, making it difficult to navigate to the next list entry. (cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/9d3de463e23bfb1ff1567a32b099b1b3e5286a48

Patch

https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b

Scores

CVSS v3 5.5

EPSS 0.0014

EPSS Percentile 3.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-667

Status published

Products (9)

linux/Kernel 6.8.0 - 6.10.11linux

Linux/Linux < 6.8

Linux/Linux 0845233388f8a26d00acf9bf230cfd4f36aa4c30 - 9bd7ff293fc84792514aeafa06c5a17f05cb5f4b

Linux/Linux 0845233388f8a26d00acf9bf230cfd4f36aa4c30 - 9d3de463e23bfb1ff1567a32b099b1b3e5286a48

Linux/Linux 6.10.11 - 6.10.*

Linux/Linux 6.11

Linux/Linux 6.8

linux/linux_kernel 6.11 rc1 (7 CPE variants)

linux/linux_kernel 6.8 - 6.10.11

Published Sep 27, 2024

Tracked Since Feb 18, 2026