CVE-2024-53098

HIGH

Linux Kernel < 6.11.9 - Out-of-bounds Write in drm/xe/ufence

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address access_ok() only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. (cherry picked from commit 9408c4508483ffc60811e910a93d6425b8e63928)

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/5d623ffbae96b23f1fc43a3d5a267aabdb07583d

Patch

https://git.kernel.org/stable/c/9c1813b3253480b30604c680026c7dc721ce86d1

Scores

CVSS v3 7.8

EPSS 0.0021

EPSS Percentile 11.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (9)

linux/Kernel 6.8.0 - 6.11.9linux

Linux/Linux < 6.8

Linux/Linux 6.11.9 - 6.11.*

Linux/Linux 6.12

Linux/Linux 6.8

Linux/Linux dd08ebf6c3525a7ea2186e636df064ea47281987 - 5d623ffbae96b23f1fc43a3d5a267aabdb07583d

Linux/Linux dd08ebf6c3525a7ea2186e636df064ea47281987 - 9c1813b3253480b30604c680026c7dc721ce86d1

linux/linux_kernel 6.12 rc1 (4 CPE variants)

linux/linux_kernel < 6.11.9

Published Nov 25, 2024

Tracked Since Feb 18, 2026