Use After Free Vulnerability in Linux Kernel Affecting Trace Events
CVE-2024-49570

7.8 HIGH

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 27 February 2025

Summary

A vulnerability has been identified in the Linux kernel's trace events, specifically in the drm/xe/tracing code. A use after free (UAF) condition can lead to invalid memory dereferences while TP_printk formats the xe_bo_move trace event, because the xe_mem_type_to_name array is handled improperly there. The fix adds the proper checks before that memory is dereferenced. Users of kernels prior to version 6.10 are advised to backport the fix explicitly.
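The root cause is the split between recording a trace event (TP_fast_assign, at event time) and formatting it (TP_printk, whenever the ring buffer is read): anything the format step dereferences must still be valid then. The user-space C model below is an added illustration of that lifetime rule, not the kernel's or the xe driver's code; the name table, the entry layout and the release function are constructed stand-ins, and the record-time string copy shown as the safe path is the general trace-event discipline rather than a claim about this specific patch.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Constructed stand-in for a driver-owned name table (hypothetical);
 * mem_type_names is NULL once the owner has released it. */
static const char *names_storage[] = { "system", "vram0", "vram1", "stolen" };
static const char **mem_type_names;

struct bo_move_entry {
    int new_placement;             /* index only; string lookup is deferred */
    char placement_name[NAME_LEN]; /* string snapshot taken at record time */
};

void names_load(void)   { mem_type_names = names_storage; }
void names_unload(void) { mem_type_names = NULL; }

/* TP_fast_assign-style step: runs at event time and copies the name in. */
void record_move(struct bo_move_entry *e, int placement)
{
    e->new_placement = placement;
    strncpy(e->placement_name, mem_type_names[placement], NAME_LEN - 1);
    e->placement_name[NAME_LEN - 1] = '\0';
}

/* Print path that dereferences the external table at format time: the
 * pattern the advisory describes. The stale case is made detectable here
 * by returning NULL instead of reading released memory. */
const char *format_deferred(const struct bo_move_entry *e)
{
    if (!mem_type_names)
        return NULL;
    return mem_type_names[e->new_placement];
}

/* Print path that only touches data embedded in the entry itself. */
const char *format_embedded(const struct bo_move_entry *e)
{
    return e->placement_name;
}

int main(void)
{
    struct bo_move_entry e;
    names_load();
    record_move(&e, 2);
    names_unload(); /* owner gone before the ring buffer is read */
    const char *d = format_deferred(&e);
    printf("deferred: %s\nembedded: %s\n", d ? d : "(table released)", format_embedded(&e));
    return 0;
}
```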

Affected Version(s)

  • Linux e46d3f813abd2383881c66d21ba04cee9fbdf3a9 < 62cd174616ae3bf8a6cf468718f1ae74e5a07727

  • Linux e46d3f813abd2383881c66d21ba04cee9fbdf3a9

  • Linux e46d3f813abd2383881c66d21ba04cee9fbdf3a9 < 07089083a526ea19daa72a1edf9d6e209615b77c

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
