目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2024-41092— Linux kernel 安全漏洞

AI 预测 5.5 利用难度: 困难 EPSS 0.27% · P19

影响版本矩阵 14

厂商产品版本范围状态
LinuxLinux0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1< f771b91f21c46ad1217328d05e72a2c7e3add535affected
0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1< 29c0fdf49078ab161570d3d1c6e13d66f182717daffected
0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1< ca0fabd365a27a94a36e68a7a02df8ff3c13dac6affected
0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1< 06dec31a0a5112a91f49085e8a8fa1a82296d5c7affected
0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1< 414f4a31f7a811008fd9a33b06216b060bad18fcaffected
0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1< 996c3412a06578e9d779a16b9e79ace18125ab50affected
5.8affected
< 5.8unaffected
… +6 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2024-41092 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
drm/i915/gt: Fix potential UAF by revoke of fence registers
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915_selftest@live@hangcheck on ADL-P and similar machines: <6> [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence ... <6> [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled <6> [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled <3> [414.070354] Unable to pin Y-tiled fence; err:-4 <3> [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(&fence->active)) ... <4>[ 609.603992] ------------[ cut here ]------------ <2>[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301! <4>[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1 <4>[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023 <4>[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915] <4>[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915] ... <4>[ 609.604271] Call Trace: <4>[ 609.604273] <TASK> ... <4>[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915] <4>[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915] <4>[ 609.604977] force_unbind+0x24/0xa0 [i915] <4>[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915] <4>[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915] <4>[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915] <4>[ 609.605440] process_scheduled_works+0x351/0x690 ... In the past, there were similar failures reported by CI from other IGT tests, observed on other platforms. Before commit 63baf4f3d587 ("drm/i915/gt: Only wait for GPU activity before unbinding a GGTT fence"), i915_vma_revoke_fence() was waiting for idleness of vma->active via fence_update(). That commit introduced vma->fence->active in order for the fence_update() to be able to wait selectively on that one instead of vma->active since only idleness of fence registers was needed. But then, another commit 0d86ee35097a ("drm/i915/gt: Make fence revocation unequivocal") replaced the call to fence_update() in i915_vma_revoke_fence() with only fence_write(), and also added that GEM_BUG_ON(!i915_active_is_idle(&fence->active)) in front. No justification was provided on why we might then expect idleness of vma->fence->active without first waiting on it. The issue can be potentially caused by a race among revocation of fence registers on one side and sequential execution of signal callbacks invoked on completion of a request that was using them on the other, still processed in parallel to revocation of those fence registers. Fix it by waiting for idleness of vma->fence->active in i915_vma_revoke_fence(). (cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于在自测试过程中,由于等待fence register的空闲,出现了竞态条件,导致潜在的释放后重用问题。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 ~ f771b91f21c46ad1217328d05e72a2c7e3add535 -
LinuxLinux 5.8 -

二、漏洞 CVE-2024-41092 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2024-41092 的情报信息

登录查看更多情报信息。

CVE-2024-41092 其他参考 (6)

同批安全公告 · Linux · 2024-07-29 · 共 121 条

CVE-2024-41088Linux kernel 安全漏洞
CVE-2024-42068Linux kernel 安全漏洞
CVE-2024-42067Linux kernel 安全漏洞
CVE-2024-42066Linux kernel 安全漏洞
CVE-2024-42065Linux kernel 安全漏洞
CVE-2024-42063Linux kernel 安全漏洞
CVE-2024-42064Linux kernel 安全漏洞
CVE-2023-52887Linux kernel 安全漏洞
CVE-2024-41098Linux kernel 安全漏洞
CVE-2024-41097Linux kernel 安全漏洞
CVE-2024-41096Linux kernel 安全漏洞
CVE-2024-41095Linux kernel 安全漏洞
CVE-2024-41094Linux kernel 安全漏洞
CVE-2024-41093Linux kernel 安全漏洞
CVE-2024-41089Linux kernel 安全漏洞
CVE-2024-41077Linux kernel 安全漏洞
CVE-2024-41080Linux kernel 安全漏洞
CVE-2024-41079Linux kernel 安全漏洞
CVE-2024-41078Linux kernel 安全漏洞
CVE-2024-41075Linux kernel 安全漏洞

显示前 20 条,共 121 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2024-41092

暂无评论


发表评论