In the Linux kernel, the following vulnerability has been resolved:
drm/xe/reg_sr: Remove register pool
That pool implementation doesn't really work: if krealloc() happens to move the memory and return a different address, the entries already stored in the xarray still point into the old, freed allocation and become invalid, leading to a use-after-free later:
BUG: KASAN: slab-use-after-free in xe_reg_sr_apply_mmio+0x570/0x760 [xe]
Read of size 4 at addr ffff8881244b2590 by task modprobe/2753
Allocated by task 2753:
kasan_save_stack+0x39/0x70
kasan_save_track+0x14/0x40
kasan_save_alloc_info+0x37/0x60
__kasan_kmalloc+0xc3/0xd0
__kmalloc_node_track_caller_noprof+0x200/0x6d0
krealloc_noprof+0x229/0x380
Simplify the code to fix the bug. A better pooling strategy may be added back later if needed.
(cherry picked from commit e5283bd4dfecbd3335f43b62a68e24dae23f59e4)
[
{
"id": "CVE-2024-56652-0557d814",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"249633025544367053629463725951402674720",
"87038517725532040353359776005452093721",
"1886186753636011659522298315862258984",
"190842850339796446208059318137474436415",
"127857346522208406936063532161157809022",
"42743172174102455696987862112281558557",
"201264072496682263975181253906473781456",
"86989161603316450518062763302116066634",
"125234888953428910140588211647143412399",
"56446726545361665609205603172150783072",
"87769464798975131833433787889027612368",
"236783800740748006543257756400879144407",
"103416928255128593149130329841577763478",
"228427258375776520832800495126175385706",
"196113045965027721510754403475688287921",
"87283790041850942948055081488545078583",
"185194352658862980343808181843548765303",
"285227019046771994314924224247748349082",
"127707717832329800287295185846658222071",
"308560159409771431170845918192670750106",
"63768917548437017106558830585335314216",
"295218116355530293821556207902146995295",
"41071526211308732437214740277087395122",
"138214742124983175783149834133331625111",
"315046805886922995138813763662360149744",
"114241354704820368078262229023198270820",
"173860374853194502786076448981396641035",
"175458259042094343145763166108352979761",
"271196670581647855515796398303456182551",
"219958230831777098885460953118429681056",
"87811433529037955482614249629560239531",
"248534463028806991923816845175477830772",
"218548359583310943578380436526380751397",
"293004400048397631940903615009310332203",
"222482289770929146036497069759715987612",
"312961415422619964089510152262045211261",
"188433564847056567156920442129130742533"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d7b028656c29b22fcde1c6ee1df5b28fbba987b5",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-0ae49e08",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c",
"function": "xe_reg_sr_init"
},
"digest": {
"length": 307.0,
"function_hash": "121085619563640242270660951424302741415"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d7b028656c29b22fcde1c6ee1df5b28fbba987b5",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-167a38e8",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c",
"function": "xe_reg_sr_add"
},
"digest": {
"length": 867.0,
"function_hash": "112661054804738866873301800334245929464"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d7b028656c29b22fcde1c6ee1df5b28fbba987b5",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-1865f4bb",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr_types.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"90195273410487051587683696923728347195",
"227941299322529531777984438419004500767",
"94625549202441490996411573053730098297",
"130000623382847168055759707755231187167",
"61572944403550704743579935115871862653",
"2561654355315662419158537641766095143",
"181935835963180471248362216205428433092",
"16226723191743880800266467978876233961",
"227873248683559977644414808039829357644"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d7b028656c29b22fcde1c6ee1df5b28fbba987b5",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-236be324",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c",
"function": "alloc_entry"
},
"digest": {
"length": 437.0,
"function_hash": "14866949242166004041657288583183395569"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d7b028656c29b22fcde1c6ee1df5b28fbba987b5",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-3f7db7c1",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c",
"function": "reg_sr_fini"
},
"digest": {
"length": 199.0,
"function_hash": "183060368247246042956396273511913885841"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d7b028656c29b22fcde1c6ee1df5b28fbba987b5",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-8d285a12",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c",
"function": "xe_reg_sr_add"
},
"digest": {
"length": 867.0,
"function_hash": "112661054804738866873301800334245929464"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0193a31a0ca5a0f9e60bb4a86537d46b98111b8",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-bbed74b6",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"249633025544367053629463725951402674720",
"87038517725532040353359776005452093721",
"1886186753636011659522298315862258984",
"190842850339796446208059318137474436415",
"127857346522208406936063532161157809022",
"42743172174102455696987862112281558557",
"201264072496682263975181253906473781456",
"86989161603316450518062763302116066634",
"125234888953428910140588211647143412399",
"56446726545361665609205603172150783072",
"87769464798975131833433787889027612368",
"236783800740748006543257756400879144407",
"103416928255128593149130329841577763478",
"228427258375776520832800495126175385706",
"196113045965027721510754403475688287921",
"87283790041850942948055081488545078583",
"185194352658862980343808181843548765303",
"285227019046771994314924224247748349082",
"127707717832329800287295185846658222071",
"308560159409771431170845918192670750106",
"63768917548437017106558830585335314216",
"295218116355530293821556207902146995295",
"41071526211308732437214740277087395122",
"138214742124983175783149834133331625111",
"315046805886922995138813763662360149744",
"114241354704820368078262229023198270820",
"173860374853194502786076448981396641035",
"175458259042094343145763166108352979761",
"271196670581647855515796398303456182551",
"219958230831777098885460953118429681056",
"87811433529037955482614249629560239531",
"248534463028806991923816845175477830772",
"218548359583310943578380436526380751397",
"293004400048397631940903615009310332203",
"222482289770929146036497069759715987612",
"312961415422619964089510152262045211261",
"188433564847056567156920442129130742533"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0193a31a0ca5a0f9e60bb4a86537d46b98111b8",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-c1efd830",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr_types.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"90195273410487051587683696923728347195",
"227941299322529531777984438419004500767",
"94625549202441490996411573053730098297",
"130000623382847168055759707755231187167",
"61572944403550704743579935115871862653",
"2561654355315662419158537641766095143",
"181935835963180471248362216205428433092",
"16226723191743880800266467978876233961",
"227873248683559977644414808039829357644"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0193a31a0ca5a0f9e60bb4a86537d46b98111b8",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-c51bff4b",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c",
"function": "reg_sr_fini"
},
"digest": {
"length": 199.0,
"function_hash": "183060368247246042956396273511913885841"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0193a31a0ca5a0f9e60bb4a86537d46b98111b8",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-ec482ee5",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c",
"function": "alloc_entry"
},
"digest": {
"length": 437.0,
"function_hash": "14866949242166004041657288583183395569"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0193a31a0ca5a0f9e60bb4a86537d46b98111b8",
"signature_version": "v1"
},
{
"id": "CVE-2024-56652-ee572a1e",
"target": {
"file": "drivers/gpu/drm/xe/xe_reg_sr.c",
"function": "xe_reg_sr_init"
},
"digest": {
"length": 307.0,
"function_hash": "121085619563640242270660951424302741415"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b0193a31a0ca5a0f9e60bb4a86537d46b98111b8",
"signature_version": "v1"
}
]