CVE-2024-53080

Published: Nov 19, 2024Modified: Dec 17, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 ("drm/panthor: Fix race when converting group handle to group object") we need to use the XArray's internal locking when retrieving a vm pointer from there. v2: Removed part of the patch that was trying to protect fetching the heap pointer from XArray, as that operation is protected by the @pool->lock.

Affected (7)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.10 to 6.11.8
Linux Linux Kernel	Version 6.12 rc1
Linux Linux Kernel	Version 6.12 rc2
Linux Linux Kernel	Version 6.12 rc3
Linux Linux Kernel	Version 6.12 rc4
Linux Linux Kernel	Version 6.12 rc5
Linux Linux Kernel	Version 6.12 rc6

Related CWEs

CWE-667

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

References (3)

https://git.kernel.org/stable/c/3342f066a8e1020a6f7d1fbd6b23bfdeda473eb5

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/444fa5b100e5c90550d6bccfe4476efb0391b3ca

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://project-zero.issues.chromium.org/issues/377500597

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Timeline

No history available yet.