In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Fix overflow in oa batch buffer
By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at each call it appends a MI_BATCH_BUFFER_END, printing the warning below and then overflowing.
[ 381.072016] ------------[ cut here ]------------
[ 381.072019] xe 0000:00:02.0: [drm] Assertion bb->len * 4 + bb_prefetch(q->gt) <= size failed!
platform: LUNARLAKE subplatform: 1
graphics: Xe2LPG / Xe2HPG 20.04 step B0
media: Xe2LPM / Xe2HPM 20.00 step B0
tile: 0 VRAM 0 B
GT: 0 type 1
So here checking if batch buffer already has MI_BATCH_BUFFER_END, if not append it.
v2: - simply fix, suggestion from Ashutosh
(cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a)
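The following user-space model is an added example, not the kernel's code or the patch itself. It reproduces the reuse pattern described above: one buffer submitted repeatedly, with an unconditional terminator append beside the check-before-append form. The struct, the function names, the capacity and the opcode value are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MI_BATCH_BUFFER_END 0x05000000u /* stand-in opcode value for this model */
#define BB_DWORDS 8                     /* hypothetical buffer capacity, in dwords */

struct model_bb {
    uint32_t cs[BB_DWORDS];             /* command stream */
    size_t len;                         /* dwords currently used */
};

/* Before the fix: every submission appends another terminator. */
static bool submit_unpatched(struct model_bb *bb)
{
    if (bb->len >= BB_DWORDS)
        return false;   /* where the trace above warns; the model stops instead of overflowing */
    bb->cs[bb->len++] = MI_BATCH_BUFFER_END;
    return true;
}

/* After the fix: append only if the buffer does not already end with one. */
static bool submit_patched(struct model_bb *bb)
{
    if (bb->len > 0 && bb->cs[bb->len - 1] == MI_BATCH_BUFFER_END)
        return true;
    if (bb->len >= BB_DWORDS)
        return false;
    bb->cs[bb->len++] = MI_BATCH_BUFFER_END;
    return true;
}

/* Submit one buffer `reuses` times; return its final length, or -1 when full. */
static long reuse_buffer(bool (*submit)(struct model_bb *), int reuses)
{
    struct model_bb bb = { .cs = { 0x1, 0x2, 0x3 }, .len = 3 }; /* constructed payload */

    for (int i = 0; i < reuses; i++)
        if (!submit(&bb))
            return -1;
    return (long)bb.len;
}

int main(void)
{
    printf("unpatched, 5 reuses: %ld\n", reuse_buffer(submit_unpatched, 5));
    printf("unpatched, 6 reuses: %ld\n", reuse_buffer(submit_unpatched, 6));
    printf("patched, 1000 reuses: %ld\n", reuse_buffer(submit_patched, 1000));
    return 0;
}
```

In the unpatched path the length grows by one dword per reuse until the buffer is full, while the patched path stays at payload plus one terminator regardless of how often the buffer is resubmitted.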
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50090.json",
"cna_assigner": "Linux"
}
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50090.json"
[
{
"id": "CVE-2024-50090-3b4c2193",
"signature_type": "Line",
"digest": {
"line_hashes": [
"143671407931088127381961400163328515889",
"131907213880815847386233773453548867641",
"117873959870009796702537733227389921908",
"252826717871572986549967760573910352441"
],
"threshold": 0.9
},
"target": {
"file": "drivers/gpu/drm/xe/xe_bb.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcb5be3421705e682b0b32073ad627056d6bc2a2",
"signature_version": "v1",
"deprecated": false
},
{
"id": "CVE-2024-50090-d87fb417",
"signature_type": "Function",
"digest": {
"function_hash": "213117068336968110860179861229403690824",
"length": 315.0
},
"target": {
"file": "drivers/gpu/drm/xe/xe_bb.c",
"function": "__xe_bb_create_job"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcb5be3421705e682b0b32073ad627056d6bc2a2",
"signature_version": "v1",
"deprecated": false
}
]