{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-44956", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T05:34:56.666Z", "datePublished": "2024-09-04T18:35:55.140Z", "dateUpdated": "2024-09-15T17:55:55.265Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:55:55.265Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_preempt_fence.c"], "versions": [{"version": "1da177e4c3f4", "lessThan": "458bb83119df", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f4", "lessThan": "3cd1585e5790", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_preempt_fence.c"], "versions": [{"version": "6.10.5", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f"}, {"url": "https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294"}], "title": "drm/xe/preempt_fence: enlarge the fence critical section", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-44956", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:40:03.841681Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:36.468Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-44956", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:40:03.841681Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:27.629Z"}}], "cna": {"title": "drm/xe/preempt_fence: enlarge the fence critical section", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1da177e4c3f4", "lessThan": "458bb83119df", "versionType": "git"}, {"status": "affected", "version": "1da177e4c3f4", "lessThan": "3cd1585e5790", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/xe/xe_preempt_fence.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "unaffected", "version": "6.10.5", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/xe/xe_preempt_fence.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f"}, {"url": "https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:55:55.265Z"}}}, "cveMetadata": {"cveId": "CVE-2024-44956", "state": "PUBLISHED", "dateUpdated": "2024-09-15T17:55:55.265Z", "dateReserved": "2024-08-21T05:34:56.666Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-04T18:35:55.140Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4CB0927-C720-465B-99F2-3E47215515F2", "versionEndExcluding": "6.10.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/preempt_fence: agrandar la secci\u00f3n cr\u00edtica de la cerca Es realmente f\u00e1cil introducir bloqueos sutiles en preempt_fence_work_func() ya que operamos en un solo wq ordenado global para se\u00f1alar nuestras cercas de preempci\u00f3n detr\u00e1s de escena, por lo que incluso aunque se\u00f1alemos una cerca en particular, todo en la devoluci\u00f3n de llamada debe estar en la secci\u00f3n cr\u00edtica de la cerca, ya que el bloqueo en la devoluci\u00f3n de llamada evitar\u00e1 que otras cercas publicadas se\u00f1alicen. Si agrandamos la secci\u00f3n cr\u00edtica de la cerca para cubrir toda la devoluci\u00f3n de llamada, entonces lockdep deber\u00eda poder entender esto mejor y quejarse si tomamos un bloqueo sensible como vm->lock, que tambi\u00e9n se mantiene cuando se espera en cercas de preempci\u00f3n."}], "id": "CVE-2024-44956", "lastModified": "2024-09-06T16:37:11.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-04T19:15:30.480", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/xe/preempt_fence: enlarge the fence critical section", "id": "2309787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309787"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/xe/preempt_fence: enlarge the fence critical section\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm->lock, which is also held when waiting on preempt fences."], "name": "CVE-2024-44956", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-44956\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-44956\nhttps://lore.kernel.org/linux-cve-announce/2024090412-CVE-2024-44956-8bcf@gregkh/T"], "threat_severity": "Moderate"}