CVE-2024-50090

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 5, 2024
Updated: Nov 12, 2024

Summary

CVE-2024-50090 is a vulnerability affecting the Linux kernel's drm/xe/oa component. It results from an overflow in the oa batch buffer, which occurs due to the repeated appending of MI_BATCH_BUFFER_END to the buffer. This issue arises when the same batch buffer is reused for multiple metric calls. The vulnerability leads to a kernel assertion failure, potentially causing system instability or crashes. A fix for this issue involves checking if the batch buffer already contains MI_BATCH_BUFFER_END before appending it again. This patch was suggested by Ashutosh and implemented in commit 9ba0e0f30ca42a98af3689460063edfb6315718a.
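The reuse pattern described in the summary, as an added userspace model (not the kernel's code and not the referenced commit). The struct, function names and buffer size are hypothetical, and checking only the last dword is an assumption about how "already contains MI_BATCH_BUFFER_END" is determined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_BB_END    0x05000000u /* stand-in for MI_BATCH_BUFFER_END */
#define MODEL_BB_DWORDS 8           /* hypothetical buffer capacity in dwords */

struct model_bb {
    uint32_t cs[MODEL_BB_DWORDS];   /* command stream */
    size_t len;                     /* dwords currently used */
};

/* Before: every submission appends a terminator, even on a reused buffer.
 * Returns -1 at the point where the kernel's assertion would fire. */
static int submit_unchecked(struct model_bb *bb)
{
    if (bb->len >= MODEL_BB_DWORDS)
        return -1;
    bb->cs[bb->len++] = MODEL_BB_END;
    return 0;
}

/* After: append only if the buffer is not already terminated. */
static int submit_checked(struct model_bb *bb)
{
    if (bb->len > 0 && bb->cs[bb->len - 1] == MODEL_BB_END)
        return 0;                   /* already terminated, nothing to add */
    if (bb->len >= MODEL_BB_DWORDS)
        return -1;
    bb->cs[bb->len++] = MODEL_BB_END;
    return 0;
}

/* Reuse one buffer for n submissions and count how many hit the bound. */
static int reuse_failures(int (*submit)(struct model_bb *), int n)
{
    struct model_bb bb = { .cs = {0}, .len = 6 }; /* 6 dwords already emitted */
    int failures = 0;
    for (int i = 0; i < n; i++)
        if (submit(&bb) != 0)
            failures++;
    return failures;
}

int main(void)
{
    printf("unchecked: %d failures\n", reuse_failures(submit_unchecked, 5));
    printf("checked:   %d failures\n", reuse_failures(submit_checked, 5));
    return 0;
}
```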
