{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-44980", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T05:34:56.670Z", "datePublished": "2024-09-04T19:54:30.863Z", "dateUpdated": "2024-11-05T09:43:24.472Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:43:24.472Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n comm \"modprobe\", pid 4354, jiffies 4295647021\n hex dump (first 32 bytes):\n 00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff ...'............\n 18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace (crc 99260e31):\n [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n [<ffffffff81d09048>] really_probe+0xf8/0x390\n [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/display/xe_display.c"], "versions": [{"version": "44e694958b95", "lessThan": "f7ecdd9853dd", "status": "affected", "versionType": "git"}, {"version": "44e694958b95", "lessThan": "f4b2a0ae1a31", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/display/xe_display.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.7", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4"}, {"url": "https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f"}], "title": "drm/xe: Fix opregion leak", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-44980", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:19:11.959900Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:14.311Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-44980", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:19:11.959900Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.652Z"}}], "cna": {"title": "drm/xe: Fix opregion leak", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "44e694958b95", "lessThan": "f7ecdd9853dd", "versionType": "git"}, {"status": "affected", "version": "44e694958b95", "lessThan": "f4b2a0ae1a31", "versionType": "git"}], "programFiles": ["drivers/gpu/drm/xe/display/xe_display.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.8"}, {"status": "unaffected", "version": "0", "lessThan": "6.8", "versionType": "custom"}, {"status": "unaffected", "version": "6.10.7", "versionType": "custom", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/gpu/drm/xe/display/xe_display.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4"}, {"url": "https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n comm \"modprobe\", pid 4354, jiffies 4295647021\n hex dump (first 32 bytes):\n 00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff ...'............\n 18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace (crc 99260e31):\n [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n [<ffffffff81d09048>] really_probe+0xf8/0x390\n [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-15T17:56:22.881Z"}}}, "cveMetadata": {"cveId": "CVE-2024-44980", "state": "PUBLISHED", "dateUpdated": "2024-09-15T17:56:22.881Z", "dateReserved": "2024-08-21T05:34:56.670Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-04T19:54:30.863Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E89DCAFA-7226-4A61-B500-1229E533B4BD", "versionEndExcluding": "6.10.7", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n comm \"modprobe\", pid 4354, jiffies 4295647021\n hex dump (first 32 bytes):\n 00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff ...'............\n 18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00 ................\n backtrace (crc 99260e31):\n [<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n [<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n [<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n [<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n [<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n [<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n [<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n [<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n [<ffffffff81d09048>] really_probe+0xf8/0x390\n [<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n [<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n [<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n [<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n [<ffffffff81d0851e>] driver_attach+0x1e/0x30\n [<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: Fix opregion leak Como parte de la pantalla, lo ideal ser\u00eda que la configuraci\u00f3n y la limpieza las hiciera la propia pantalla. Sin embargo, se trata de una refactorizaci\u00f3n m\u00e1s grande que debe realizarse tanto en i915 como en xe. Por ahora, solo arregle la fuga: objeto sin referencia 0xffff8881a0300008 (tama\u00f1o 192): comm \"modprobe\", pid 4354, jiffies 4295647021 volcado hexadecimal (primeros 32 bytes): 00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff ...'............ 18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00 ................ backtrace (crc 99260e31): [] kmemleak_alloc+0x4b/0x80 [] kmalloc_trace_noprof+0x312/0x3d0 [] intel_opregion_setup+0x89/0x700 [xe] [] xe_display_init_noirq+0x2f/0x90 [xe] [] xe_device_probe+0x7a3/0xbf0 [xe] [] xe_pci_probe+0x333/0x5b0 [xe] [] local_pci_probe+0x48/0xb0 [] pci_device_probe+0xc8/0x280 [] really_probe+0xf8/0x390 [] __driver_probe_device+0x8a/0x170 [] driver_probe_device+0x23/0xb0 [] __driver_attach+0xc7/0x190 [] bus_for_each_dev+0x7d/0xd0 [] driver_attach+0x1e/0x30 [] bus_add_driver+0x117/0x250 (seleccionado de el commit) 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)"}], "id": "CVE-2024-44980", "lastModified": "2024-10-10T17:42:53.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-04T20:15:07.460", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/xe: Fix opregion leak", "id": "2309843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309843"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/xe: Fix opregion leak\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\nunreferenced object 0xffff8881a0300008 (size 192):\ncomm \"modprobe\", pid 4354, jiffies 4295647021\nhex dump (first 32 bytes):\n00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff ...'............\n18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00 ................\nbacktrace (crc 99260e31):\n[<ffffffff823ce65b>] kmemleak_alloc+0x4b/0x80\n[<ffffffff81493be2>] kmalloc_trace_noprof+0x312/0x3d0\n[<ffffffffa1345679>] intel_opregion_setup+0x89/0x700 [xe]\n[<ffffffffa125bfaf>] xe_display_init_noirq+0x2f/0x90 [xe]\n[<ffffffffa1199ec3>] xe_device_probe+0x7a3/0xbf0 [xe]\n[<ffffffffa11f3713>] xe_pci_probe+0x333/0x5b0 [xe]\n[<ffffffff81af6be8>] local_pci_probe+0x48/0xb0\n[<ffffffff81af8778>] pci_device_probe+0xc8/0x280\n[<ffffffff81d09048>] really_probe+0xf8/0x390\n[<ffffffff81d0937a>] __driver_probe_device+0x8a/0x170\n[<ffffffff81d09503>] driver_probe_device+0x23/0xb0\n[<ffffffff81d097b7>] __driver_attach+0xc7/0x190\n[<ffffffff81d0628d>] bus_for_each_dev+0x7d/0xd0\n[<ffffffff81d0851e>] driver_attach+0x1e/0x30\n[<ffffffff81d07ac7>] bus_add_driver+0x117/0x250\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)"], "name": "CVE-2024-44980", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-44980\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-44980\nhttps://lore.kernel.org/linux-cve-announce/2024090443-CVE-2024-44980-d1ba@gregkh/T"], "threat_severity": "Moderate"}