{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53087", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.980Z", "datePublished": "2024-11-19T17:45:15.510Z", "dateUpdated": "2024-12-19T09:38:52.257Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:38:52.257Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix possible exec queue leak in exec IOCTL\n\nIn a couple of places after an exec queue is looked up the exec IOCTL\nreturns on input errors without dropping the exec queue ref. Fix this\nensuring the exec queue ref is dropped on input error.\n\n(cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_exec.c"], "versions": [{"version": "dd08ebf6c3525a7ea2186e636df064ea47281987", "lessThan": "2f92b77a8ce043fbda2664d9be4b66bdc57f67b7", "status": "affected", "versionType": "git"}, {"version": "dd08ebf6c3525a7ea2186e636df064ea47281987", "lessThan": "af797b831d8975cb4610f396dcb7f03f4b9908e7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_exec.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.8", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2f92b77a8ce043fbda2664d9be4b66bdc57f67b7"}, {"url": "https://git.kernel.org/stable/c/af797b831d8975cb4610f396dcb7f03f4b9908e7"}], "title": "drm/xe: Fix possible exec queue leak in exec IOCTL", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "24AB354E-701F-4D6C-8B18-A0BBA5C21C30", "versionEndExcluding": "6.11.8", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*", "matchCriteriaId": "24DBE6C7-2AAE-4818-AED2-E131F153D2FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc6:*:*:*:*:*:*", "matchCriteriaId": "24B88717-53F5-42AA-9B72-14C707639E3F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix possible exec queue leak in exec IOCTL\n\nIn a couple of places after an exec queue is looked up the exec IOCTL\nreturns on input errors without dropping the exec queue ref. Fix this\nensuring the exec queue ref is dropped on input error.\n\n(cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe: Se corrige una posible p\u00e9rdida de cola de ejecuci\u00f3n en la IOCTL de ejecuci\u00f3n. En un par de lugares, despu\u00e9s de que se busca una cola de ejecuci\u00f3n, la IOCTL de ejecuci\u00f3n devuelve errores de entrada sin descartar la referencia de la cola de ejecuci\u00f3n. Se soluciona este problema asegur\u00e1ndose de descartar la referencia de la cola de ejecuci\u00f3n en caso de error de entrada. (seleccionado de el commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)"}], "id": "CVE-2024-53087", "lastModified": "2024-11-27T20:08:11.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-19T18:15:27.883", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f92b77a8ce043fbda2664d9be4b66bdc57f67b7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/af797b831d8975cb4610f396dcb7f03f4b9908e7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/xe: Fix possible exec queue leak in exec IOCTL", "id": "2327363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327363"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/xe: Fix possible exec queue leak in exec IOCTL\nIn a couple of places after an exec queue is looked up the exec IOCTL\nreturns on input errors without dropping the exec queue ref. Fix this\nensuring the exec queue ref is dropped on input error.\n(cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f)"], "name": "CVE-2024-53087", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53087\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53087\nhttps://lore.kernel.org/linux-cve-announce/2024111906-CVE-2024-53087-6cd3@gregkh/T"], "threat_severity": "Moderate"}