cve/published/2024/CVE-2024-50187.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Stop the active perfmon before being destroyed\n\nUpon closing the file descriptor, the active performance monitor is not\nstopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`,\nthe active performance monitor's pointer (`vc4->active_perfmon`) is still\nretained.\n\nIf we open a new file descriptor and submit a few jobs with performance\nmonitors, the driver will attempt to stop the active performance monitor\nusing the stale pointer in `vc4->active_perfmon`. However, this pointer\nis no longer valid because the previous process has already terminated,\nand all performance monitors associated with it have been destroyed and\nfreed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/gpu/drm/vc4/vc4_perfmon.c"
                ],
                "versions": [
                   {
                      "version": "65101d8c9108201118efa7e08f4e2c57f438deb9",
                      "lessThan": "75452da51e2403e14be007df80d133e1443fc967",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "65101d8c9108201118efa7e08f4e2c57f438deb9",
                      "lessThan": "937943c042503dc6087438bf3557f9057a588ba0",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "65101d8c9108201118efa7e08f4e2c57f438deb9",
                      "lessThan": "c9adba739d5f7cdc47a7754df4a17b47b1ecf513",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "65101d8c9108201118efa7e08f4e2c57f438deb9",
                      "lessThan": "0b2ad4f6f2bec74a5287d96cb2325a5e11706f22",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/gpu/drm/vc4/vc4_perfmon.c"
                ],
                "versions": [
                   {
                      "version": "4.17",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "4.17",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.1.113",
                      "lessThanOrEqual": "6.1.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.6.57",
                      "lessThanOrEqual": "6.6.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.11.4",
                      "lessThanOrEqual": "6.11.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "6.12",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "4.17",
                            "versionEndExcluding": "6.1.113"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "4.17",
                            "versionEndExcluding": "6.6.57"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "4.17",
                            "versionEndExcluding": "6.11.4"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "4.17",
                            "versionEndExcluding": "6.12"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/75452da51e2403e14be007df80d133e1443fc967"
             },
             {
                "url": "https://git.kernel.org/stable/c/937943c042503dc6087438bf3557f9057a588ba0"
             },
             {
                "url": "https://git.kernel.org/stable/c/c9adba739d5f7cdc47a7754df4a17b47b1ecf513"
             },
             {
                "url": "https://git.kernel.org/stable/c/0b2ad4f6f2bec74a5287d96cb2325a5e11706f22"
             }
          ],
          "title": "drm/vc4: Stop the active perfmon before being destroyed",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2024-50187",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: Stop the active perfmon before being destroyed\n\nUpon closing the file descriptor, the active performance monitor is not\nstopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`,\nthe active performance monitor's pointer (`vc4->active_perfmon`) is still\nretained.\n\nIf we open a new file descriptor and submit a few jobs with performance\nmonitors, the driver will attempt to stop the active performance monitor\nusing the stale pointer in `vc4->active_perfmon`. However, this pointer\nis no longer valid because the previous process has already terminated,\nand all performance monitors associated with it have been destroyed and\nfreed.\n\nTo fix this, when the active performance monitor belongs to a given\nprocess, explicitly stop it before destroying and freeing it."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/gpu/drm/vc4/vc4_perfmon.c"
	],
	"versions": [
	{
	"version": "65101d8c9108201118efa7e08f4e2c57f438deb9",
	"lessThan": "75452da51e2403e14be007df80d133e1443fc967",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "65101d8c9108201118efa7e08f4e2c57f438deb9",
	"lessThan": "937943c042503dc6087438bf3557f9057a588ba0",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "65101d8c9108201118efa7e08f4e2c57f438deb9",
	"lessThan": "c9adba739d5f7cdc47a7754df4a17b47b1ecf513",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "65101d8c9108201118efa7e08f4e2c57f438deb9",
	"lessThan": "0b2ad4f6f2bec74a5287d96cb2325a5e11706f22",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/gpu/drm/vc4/vc4_perfmon.c"
	],
	"versions": [
	{
	"version": "4.17",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "4.17",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.1.113",
	"lessThanOrEqual": "6.1.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.6.57",
	"lessThanOrEqual": "6.6.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.11.4",
	"lessThanOrEqual": "6.11.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "6.12",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "4.17",
	"versionEndExcluding": "6.1.113"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "4.17",
	"versionEndExcluding": "6.6.57"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "4.17",
	"versionEndExcluding": "6.11.4"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "4.17",
	"versionEndExcluding": "6.12"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/75452da51e2403e14be007df80d133e1443fc967"
	},
	{
	"url": "https://git.kernel.org/stable/c/937943c042503dc6087438bf3557f9057a588ba0"
	},
	{
	"url": "https://git.kernel.org/stable/c/c9adba739d5f7cdc47a7754df4a17b47b1ecf513"
	},
	{
	"url": "https://git.kernel.org/stable/c/0b2ad4f6f2bec74a5287d96cb2325a5e11706f22"
	}
	],
	"title": "drm/vc4: Stop the active perfmon before being destroyed",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2024-50187",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}