PT-2024-32259 · Linux+2 · Linux Kernel+2
Published
2024-09-11
·
Updated
2025-01-09
·
CVE-2024-46866
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a missing bo locking in the
show meminfo() function, which can lead to problems like NPD and UAF if the bo lock is not held. The bo meminfo() function wants to inspect bo state like tt and the ttm resource. To fix this, the bo lock is grabbed when calling bo meminfo(), ensuring any spinlocks are dropped first. In the case of object idr, a ref also needs to be held. The fix includes adding xe bo assert held().Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Locking
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu