CVE-2024-43863

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The issue is related to a deadlock in the dma buf fence polling mechanism. Specifically, the vmwgfx module overwrites the wait callback to iterate over the list of all fences and update their status, holding a lock to prevent list modifications from other threads. The fence destroy callback deletes the fence and removes it from the list of pending fences, for which it holds a lock. However, the dma buf polling callback unrefs a fence after it's been signaled, leading to a situation where the destruction tries to acquire the lock on the pending fences list, which it can never get because it's held by the wait from which it was called. This fixes KDE stalls/deadlock.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.50 or later. As a temporary workaround, consider disabling the dma buf polling interfaces until a patch is available. Restrict access to the vmwgfx module to minimize the risk of exploitation. Avoid using the dma buf polling cb in the affected API endpoints until the issue is resolved.