CVE-2024-44978

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Free job before xe_exec_queue_put

Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.

(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdd08ebf6c3525a7ea2186e636df064ea47281987 < 98aa0330f200b9b8fb9e1298e006eda57a13351caffected
LinuxLinuxdd08ebf6c3525a7ea2186e636df064ea47281987 < 9e7f30563677fbeff62d368d5d2a5ac7aaa9746aaffected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.10.7 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References