CVE-2024-50149

MEDIUM

Linux Kernel 6.10-6.11.5 - Use-After-Free in drm/xe TDR Job Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the run_job thread resulting in UAF. It is only safe for free job to naturally be called by the scheduler. Rather free job in TDR, add to pending list. (cherry picked from commit ea2f6a77d0c40d97f4a4dc93fee4afe15d94926d)

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/be8fe75e57f8fa3f87e3b1c283cc7cd9f9b80867

Patch

https://git.kernel.org/stable/c/82926f52d7a09c65d916c0ef8d4305fc95d68c0c

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 10.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (9)

linux/Kernel 6.10.0 - 6.11.6linux

Linux/Linux < 6.10

Linux/Linux 6.10

Linux/Linux 6.11.6 - 6.11.*

Linux/Linux 6.12

Linux/Linux e275d61c5f3ffc250b2a9601d36fbd11b4db774b - 82926f52d7a09c65d916c0ef8d4305fc95d68c0c

Linux/Linux e275d61c5f3ffc250b2a9601d36fbd11b4db774b - be8fe75e57f8fa3f87e3b1c283cc7cd9f9b80867

linux/linux_kernel 6.12 rc1 (3 CPE variants)

linux/linux_kernel 6.10 - 6.11.6

Published Nov 07, 2024

Tracked Since Feb 18, 2026