Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-533j-v9v8-3c94

Опубликовано: 21 окт. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 7.8

Описание

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/vm: move xa_alloc to prevent UAF

Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this.

v2:

  • Rebase

(cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9)

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/vm: move xa_alloc to prevent UAF

Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this.

v2:

  • Rebase

(cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9)

Ссылки

EPSS

Процентиль: 8%
0.00029
Низкий

7.8 High

CVSS3

CVE ID

CVE-2024-49865

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2024-49865

CVSS3: 7.8
ubuntu
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this. v2: - Rebase (cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9)

redhat логотип

CVE-2024-49865

CVSS3: 7.8
redhat
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this. v2: - Rebase (cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9)

nvd логотип

CVE-2024-49865

CVSS3: 7.8
nvd
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this. v2: - Rebase (cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9)

debian логотип

CVE-2024-49865

CVSS3: 7.8
debian
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: d ...

fstec логотип

BDU:2024-09787

CVSS3: 7.8
fstec
больше 1 года назад

Уязвимость функции xe_vm_create_ioctl() ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 8%
0.00029
Низкий

7.8 High

CVSS3

CVE ID

CVE-2024-49865

Дефекты

CWE-416