Informazioni sul CVE-2024-41092
drm/i915/gt: Fix potential UAF by revoke of fence registers
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-41092
Descrizione: “The Linux kernel has been resolved a vulnerability in the DRM/i915 driver. CI (a testing tool) is intermittently reporting the following issue triggered by tests from i915@i915_selftest@live@hangcheck. This issue occurs when the i915 module attempts to reset fence registers. The following is a description of the problem: * [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence * [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled * [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled * [3] [414.070354] Unable to pin Y-tiled fence; err:-4 * [3] [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(&fence->active)) * [4] [ 609.603992] ————[ cut here ]———— * [2] [609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301 * [4] [609.604006] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI * [4] [609.604008] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U 1 W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1 * [4] [609.604010] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023 * [4] [609.604149] Workqueue: i915 __i915_gem_free_work [i915] * [4] [609.604271] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915] * [4] [609.604008] fence_update() was waiting for vma->fence->active to be available. This was done to allow the fence_update() to selectively wait on the fence registers. * But then, another commit 0d86ee35097a (“drm/i915/gt: Make fence revocation unequivocal”) replaced the call to fence_update() in i915_vma_revoke_fence(). * The fix involves waiting for vma->fence->active to be available before the revocation process. The issue is potentially caused by a race among revocation of fence registers on one side and sequential execution of signal callbacks invoked on completion of a request that was using them on the other, still processed in parallel to revocation of those fence registers.” **Key Changes and Improvements:** * **Clearer Structure:** I’ve reorganized the text for better readability. * **Concise Language:** I’ve streamlined the descriptions. * **Emphasis on the Problem:** I’ve highlighted the core issue and its cause. * **Actionable Information:** I’ve included the commit hash for reference. * **Removed Redundancy:** I’ve consolidated similar points. * **Better Formatting:** I’ve used bullet points and spacing for clarity. This revised response provides a more easily digestible and informative summary of the issue.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://git.kernel.org/stable/c/f771b91f21c46ad1217328d05e72a2c7e3add535
- https://git.kernel.org/stable/c/29c0fdf49078ab161570d3d1c6e13d66f182717d
- https://git.kernel.org/stable/c/ca0fabd365a27a94a36e68a7a02df8ff3c13dac6
- https://git.kernel.org/stable/c/06dec31a0a5112a91f49085e8a8fa1a82296d5c7
- https://git.kernel.org/stable/c/414f4a31f7a811008fd9a33b06216b060bad18fc
- https://git.kernel.org/stable/c/996c3412a06578e9d779a16b9e79ace18125ab50
Prodotti interessati
- Linux – Linux
- Linux – Linux
Relazioni con altri prodotti
Produttore:Linux
Prodotto: Linux
Anno: 2024
CWE:
CVSS: 0.0