PT-2024-33785 · Linux+2 · Linux Kernel+2

Published

2024-09-24

Updated

2025-02-28

CVE-2024-49943

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a missing lock in the wedged fini function of the drm/xe/guc submit module. This can cause a use-after-free (UAF) condition when a non-wedged queue is accessed concurrently with its destruction. The problem arises because the queue pointer is dereferenced after the lookup, which can lead to UAF if the queue is not wedged. The fix involves holding the submission state lock around the check to ensure the queue is not freed prematurely, thus making the check safe.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

BDU:2025-16129

CVE-2024-49943

OPENSUSE-SU-2024:14500-1

OPENSUSE-SU-2025:14705-1

USN-7276-1

USN-7277-1

USN-7310-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

PT-2024-33785 · Linux+2 · Linux Kernel+2

CVE-2024-49943

Weakness Enumeration

Related Identifiers

Affected Products

References · 1291