PT-2024-36962 · Linux+3 · Linux Kernel+3

Lucas De Marchi

·

Published

2024-12-12

·

Updated

2025-09-29

·

CVE-2024-56652

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved. The issue is related to the drm/xe/reg sr register pool implementation, which does not work correctly. If the krealloc function moves the memory and returns a different address, the entries in the xarray become invalid, leading to a use-after-free error later. This error can occur in the xe reg sr apply mmio function. The vulnerability was identified by the KASAN (Kernel Address Sanitizer) tool.
Recommendations To resolve the issue, simplify the code to fix the bug. A better pooling strategy may be added back later if needed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-17881
BDU:2025-07232
CVE-2024-56652
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Ubuntu