CVE-2024-46683

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a use-after-free (UAF) vulnerability in the Linux kernel, specifically in the drm/xe module. The vulnerability occurs when the fence lock is part of the queue, and anything locking the fence should also hold a reference to the queue to prevent it from being freed. However, the current design signals the fence and then drops the queue reference, which can lead to a situation where the lock is freed as part of the queue, resulting in a UAF. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

To prevent this, the fence lock can be moved into the fence itself to avoid lifetime issues. Alternative solutions might include having a device-level lock or only releasing the queue in the fence release callback, although this might require pushing to another worker to avoid locking issues.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.