CVE-2024-46683

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 13, 2024
CWE ID 416

Summary

CVE-2024-46683 is a use-after-free (UAF) vulnerability in the Linux kernel caused by improper handling of fence locks: the condition can occur if the fence lock is released before its associated queue reference is properly managed. The flaw affects systems that use the Direct Rendering Manager (DRM) within the Linux kernel. Patches are available that change the design so that the fence lock is incorporated into the fence itself, which prevents the lifetime issues. The vulnerability poses significant risks to organizations: its CVSS v3.1 score of 7.8 indicates high severity, with potential impacts on integrity and confidentiality. Exploitation requires low privileges and no user interaction, so prompt updates are needed to mitigate local attack vectors.
