PT-2025-8815 · Linux+7 · Linux Kernel+7

Thomas Hellström

·

Published

2024-12-23

·

Updated

2025-11-12

·

CVE-2024-49570

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10
Description A potential use-after-free (UAF) issue has been identified in the Linux kernel, specifically in the drm/xe/tracing component. The issue arises from the TP printk function and the xe mem type to name[] array. This problem was exposed by a commit aimed at checking dereferences via the field and not the TP printk format. The estimated number of potentially affected devices and details about real-world incidents are not provided.
Recommendations For Linux kernel versions prior to 6.10, explicit backporting of the fix may be needed to resolve the issue. As a temporary workaround, consider avoiding the use of the xe bo move trace event until a patch is available.

Exploit

Fix

Use After Free

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-415

Related Identifiers

ALSA-2025:20095
ALSA-2025:20518
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALSA-2025_18281
ALSA-2025_19102
ALSA-2025_19103
ALSA-2025_19409
ALSA-2025_20518
BDU:2025-03893
CVE-2024-49570
INFSA-2025_20518
RHSA-2025:20095
RHSA-2025:20518
RHSA-2025_20518
SUSE-SU-2025:01951-1
SUSE-SU-2025:01967-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01967-1
USN-7521-1
USN-7521-2
USN-7521-3

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu