CVE-2024-49942

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-49942
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49942.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-49942
Published
2024-10-21T18:15:15Z
Modified
2024-10-25T16:47:11.276853Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Prevent null pointer access in xe_migrate_copy

xe_migrate_copy is designed to copy the content of TTM resources. When the source resource is null, it will trigger a NULL pointer dereference in xe_migrate_copy. To avoid this situation, update the lacks source flag to true for this case; the flag will trigger xe_migrate_clear rather than xe_migrate_copy.

Issue trace: ---truncated---

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.11.4-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.1.112-1
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1
6.8.9-1
6.8.11-1
6.8.12-1~bpo12+1
6.8.12-1
6.9.2-1~exp1
6.9.7-1~bpo12+1
6.9.7-1
6.9.8-1
6.9.9-1
6.9.10-1~bpo12+1
6.9.10-1
6.9.11-1
6.9.12-1
6.10-1~exp1
6.10.1-1~exp1
6.10.3-1
6.10.4-1
6.10.6-1~bpo12+1
6.10.6-1
6.10.7-1
6.10.9-1
6.10.11-1~bpo12+1
6.10.11-1
6.10.12-1
6.11~rc4-1~exp1
6.11~rc5-1~exp1
6.11-1~exp1
6.11.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}