CVE-2024-50187

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A vulnerability in the Linux kernel's drm/vc4 code has been resolved. The issue occurred when a file descriptor was closed, and the active performance monitor was not stopped. Although all performance monitors were destroyed in vc4 perfmon close file(), the active performance monitor's pointer (vc4->active perfmon) was still retained. If a new file descriptor was opened and jobs with performance monitors were submitted, the driver would attempt to stop the active performance monitor using the stale pointer in vc4->active perfmon. However, this pointer was no longer valid because the previous process had already terminated, and all performance monitors associated with it had been destroyed and freed.

Recommendations: To fix this issue, when the active performance monitor belongs to a given process, explicitly stop it before destroying and freeing it. As a temporary workaround, consider disabling the vc4 perfmon close file() function until a patch is available. Restrict access to the vulnerable drm/vc4 module to minimize the risk of exploitation. Avoid using the vc4->active perfmon pointer in the affected code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.