CVE-2024-41092

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.9.0

Description The issue is related to a potential use-after-free (UAF) vulnerability in the Linux kernel's drm/i915/gt module. The vulnerability can be triggered by a race condition between the revocation of fence registers and the sequential execution of signal callbacks invoked on completion of a request that was using them. This can lead to a kernel bug and potentially allow an attacker to elevate their privileges. The vulnerability is caused by a missing wait for idleness of vma->fence->active in the i915 vma revoke fence() function.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability, which involves waiting for idleness of vma->fence->active in the i915 vma revoke fence() function. As a temporary workaround, consider disabling the i915 vma revoke fence() function until a patch is available. However, this may have performance implications and should be carefully evaluated before implementation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.