CVE-2024-49942: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xe_migrate_copy xe_migrate_copy designed to copy content of TTM resources. When source resource is null, it will trigger a NULL pointer dereference in xe_migrate_copy. To avoid this situation, update lacks source flag to true for this case, the flag will trigger xe_migrate_clear rather than xe_migrate_copy. Issue trace: <7> [317.089847] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 14, sizes: 4194304 & 4194304 <7> [317.089945] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 15, sizes: 4194304 & 4194304 <1> [317.128055] BUG: kernel NULL pointer dereference, address: 0000000000000010 <1> [317.128064] #PF: supervisor read access in kernel mode <1> [317.128066] #PF: error_code(0x0000) - not-present page <6> [317.128069] PGD 0 P4D 0 <4> [317.128071] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI <4> [317.128074] CPU: 1 UID: 0 PID: 1440 Comm: kunit_try_catch Tainted: G U N 6.11.0-rc7-xe #1 <4> [317.128078] Tainted: [U]=USER, [N]=TEST <4> [317.128080] Hardware name: Intel Corporation Lunar Lake Client Platform/LNL-M LP5 RVP1, BIOS LNLMFWI1.R00.3221.D80.2407291239 07/29/2024 <4> [317.128082] RIP: 0010:xe_migrate_copy+0x66/0x13e0 [xe] <4> [317.128158] Code: 00 00 48 89 8d e0 fe ff ff 48 8b 40 10 4c 89 85 c8 fe ff ff 44 88 8d bd fe ff ff 65 48 8b 3c 25 28 00 00 00 48 89 7d d0 31 ff <8b> 79 10 48 89 85 a0 fe ff ff 48 8b 00 48 89 b5 d8 fe ff ff 83 ff <4> [317.128162] RSP: 0018:ffffc9000167f9f0 EFLAGS: 00010246 <4> [317.128164] RAX: ffff8881120d8028 RBX: ffff88814d070428 RCX: 0000000000000000 <4> [317.128166] RDX: ffff88813cb99c00 RSI: 0000000004000000 RDI: 0000000000000000 <4> [317.128168] RBP: ffffc9000167fbb8 R08: ffff88814e7b1f08 R09: 0000000000000001 <4> [317.128170] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88814e7b1f08 <4> [317.128172] R13: ffff88814e7b1f08 R14: ffff88813cb99c00 R15: 0000000000000001 <4> [317.128174] FS: 0000000000000000(0000) GS:ffff88846f280000(0000) knlGS:0000000000000000 <4> [317.128176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4> [317.128178] CR2: 0000000000000010 CR3: 000000011f676004 CR4: 0000000000770ef0 <4> [317.128180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 <4> [317.128182] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400 <4> [317.128184] PKRU: 55555554 <4> [317.128185] Call Trace: <4> [317.128187] <TASK> <4> [317.128189] ? show_regs+0x67/0x70 <4> [317.128194] ? __die_body+0x20/0x70 <4> [317.128196] ? __die+0x2b/0x40 <4> [317.128198] ? page_fault_oops+0x15f/0x4e0 <4> [317.128203] ? do_user_addr_fault+0x3fb/0x970 <4> [317.128205] ? lock_acquire+0xc7/0x2e0 <4> [317.128209] ? exc_page_fault+0x87/0x2b0 <4> [317.128212] ? asm_exc_page_fault+0x27/0x30 <4> [317.128216] ? xe_migrate_copy+0x66/0x13e0 [xe] <4> [317.128263] ? __lock_acquire+0xb9d/0x26f0 <4> [317.128265] ? __lock_acquire+0xb9d/0x26f0 <4> [317.128267] ? sg_free_append_table+0x20/0x80 <4> [317.128271] ? lock_acquire+0xc7/0x2e0 <4> [317.128273] ? mark_held_locks+0x4d/0x80 <4> [317.128275] ? trace_hardirqs_on+0x1e/0xd0 <4> [317.128278] ? _raw_spin_unlock_irqrestore+0x31/0x60 <4> [317.128281] ? __pm_runtime_resume+0x60/0xa0 <4> [317.128284] xe_bo_move+0x682/0xc50 [xe] <4> [317.128315] ? lock_is_held_type+0xaa/0x120 <4> [317.128318] ttm_bo_handle_move_mem+0xe5/0x1a0 [ttm] <4> [317.128324] ttm_bo_validate+0xd1/0x1a0 [ttm] <4> [317.128328] shrink_test_run_device+0x721/0xc10 [xe] <4> [317.128360] ? find_held_lock+0x31/0x90 <4> [317.128363] ? lock_release+0xd1/0x2a0 <4> [317.128365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [kunit] <4> [317.128370] xe_bo_shrink_kunit+0x11/0x20 [xe] <4> [317.128397] kunit_try_run_case+0x6e/0x150 [kunit] <4> [317.128400] ? trace_hardirqs_on+0x1e/0xd0 <4> [317.128402] ? _raw_spin_unlock_irqrestore+0x31/0x60 <4> [317.128404] kunit_generic_run_threadfn_adapter+0x1e/0x40 [ku ---truncated---
AI Analysis
Technical Summary
CVE-2024-49942 is a vulnerability identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically within the xe driver component responsible for managing Intel's Xe graphics technology. The flaw arises in the function xe_migrate_copy, which is designed to copy the contents of Translation Table Maps (TTM) resources during memory migration operations. When the source resource pointer is null, the function attempts to dereference it, leading to a NULL pointer dereference and consequent kernel crash (kernel oops). This occurs because the update operation lacks a source flag set to true, which would otherwise trigger a safer cleanup function xe_migrate_clear instead of xe_migrate_copy. The vulnerability manifests as a kernel panic or oops, disrupting normal system operations. The provided kernel logs confirm the NULL pointer dereference at address 0x10, with the fault occurring in kernel mode, indicating a critical failure in memory handling within the DRM xe driver. This issue affects Linux kernel versions incorporating the xe driver for Intel Lunar Lake Client platforms and potentially other Intel Xe-based hardware. Although no known exploits are reported in the wild, the vulnerability can be triggered by operations involving TTM resource migration, possibly through graphics workloads or kernel modules interacting with the DRM subsystem. The flaw is a result of insufficient validation of resource pointers before dereferencing, a common programming error that can lead to denial of service via system crashes. No CVSS score is assigned yet, but the technical details and kernel tracebacks confirm a stability-impacting bug that requires patching to prevent system reliability issues.
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily in environments running Linux kernels with Intel Xe graphics support, such as workstations, servers, or embedded systems using Lunar Lake or similar Intel platforms. The impact is mainly a denial of service (DoS) through kernel crashes, which can disrupt critical services, cause data loss, or require system reboots, affecting availability. Organizations relying on Linux-based infrastructure for cloud services, data centers, or industrial control systems could experience operational interruptions. While the vulnerability does not directly enable privilege escalation or data exfiltration, the induced kernel panic could be exploited by attackers to cause persistent outages or to facilitate further attacks during recovery windows. Given the widespread use of Linux in European public sector, research institutions, and enterprises, especially those utilizing Intel hardware, the risk of service disruption is non-trivial. Additionally, the lack of authentication or user interaction requirements for triggering the flaw increases the threat surface, as local or potentially remote processes with access to the DRM subsystem could provoke the crash. This could be particularly impactful in multi-tenant cloud environments or shared hosting scenarios common in Europe, where stability and uptime are critical.
Mitigation Recommendations
To mitigate CVE-2024-49942, European organizations should prioritize updating their Linux kernels to versions where the patch addressing this NULL pointer dereference in xe_migrate_copy is applied. Since no patch links are provided, monitoring official Linux kernel repositories and Intel driver updates for the fix is essential. In the interim, organizations can limit exposure by restricting access to the DRM subsystem and related device nodes to trusted users and processes only, minimizing the risk of unprivileged triggering. Employing kernel lockdown features and mandatory access controls (e.g., SELinux, AppArmor) to confine processes that interact with graphics drivers can reduce attack vectors. Additionally, auditing and monitoring kernel logs for repeated oops or crashes related to the xe driver can provide early detection of exploitation attempts. For environments where immediate patching is not feasible, consider disabling or blacklisting the xe driver module if it is not critical to operations, thereby eliminating the vulnerable code path. Finally, integrating this vulnerability into vulnerability management workflows and incident response plans will ensure timely remediation and response to any exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2024-49942: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xe_migrate_copy xe_migrate_copy designed to copy content of TTM resources. When source resource is null, it will trigger a NULL pointer dereference in xe_migrate_copy. To avoid this situation, update lacks source flag to true for this case, the flag will trigger xe_migrate_clear rather than xe_migrate_copy. Issue trace: <7> [317.089847] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 14, sizes: 4194304 & 4194304 <7> [317.089945] xe 0000:00:02.0: [drm:xe_migrate_copy [xe]] Pass 15, sizes: 4194304 & 4194304 <1> [317.128055] BUG: kernel NULL pointer dereference, address: 0000000000000010 <1> [317.128064] #PF: supervisor read access in kernel mode <1> [317.128066] #PF: error_code(0x0000) - not-present page <6> [317.128069] PGD 0 P4D 0 <4> [317.128071] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI <4> [317.128074] CPU: 1 UID: 0 PID: 1440 Comm: kunit_try_catch Tainted: G U N 6.11.0-rc7-xe #1 <4> [317.128078] Tainted: [U]=USER, [N]=TEST <4> [317.128080] Hardware name: Intel Corporation Lunar Lake Client Platform/LNL-M LP5 RVP1, BIOS LNLMFWI1.R00.3221.D80.2407291239 07/29/2024 <4> [317.128082] RIP: 0010:xe_migrate_copy+0x66/0x13e0 [xe] <4> [317.128158] Code: 00 00 48 89 8d e0 fe ff ff 48 8b 40 10 4c 89 85 c8 fe ff ff 44 88 8d bd fe ff ff 65 48 8b 3c 25 28 00 00 00 48 89 7d d0 31 ff <8b> 79 10 48 89 85 a0 fe ff ff 48 8b 00 48 89 b5 d8 fe ff ff 83 ff <4> [317.128162] RSP: 0018:ffffc9000167f9f0 EFLAGS: 00010246 <4> [317.128164] RAX: ffff8881120d8028 RBX: ffff88814d070428 RCX: 0000000000000000 <4> [317.128166] RDX: ffff88813cb99c00 RSI: 0000000004000000 RDI: 0000000000000000 <4> [317.128168] RBP: ffffc9000167fbb8 R08: ffff88814e7b1f08 R09: 0000000000000001 <4> [317.128170] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88814e7b1f08 <4> [317.128172] R13: ffff88814e7b1f08 R14: ffff88813cb99c00 R15: 0000000000000001 <4> [317.128174] FS: 0000000000000000(0000) GS:ffff88846f280000(0000) knlGS:0000000000000000 <4> [317.128176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4> [317.128178] CR2: 0000000000000010 CR3: 000000011f676004 CR4: 0000000000770ef0 <4> [317.128180] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 <4> [317.128182] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400 <4> [317.128184] PKRU: 55555554 <4> [317.128185] Call Trace: <4> [317.128187] <TASK> <4> [317.128189] ? show_regs+0x67/0x70 <4> [317.128194] ? __die_body+0x20/0x70 <4> [317.128196] ? __die+0x2b/0x40 <4> [317.128198] ? page_fault_oops+0x15f/0x4e0 <4> [317.128203] ? do_user_addr_fault+0x3fb/0x970 <4> [317.128205] ? lock_acquire+0xc7/0x2e0 <4> [317.128209] ? exc_page_fault+0x87/0x2b0 <4> [317.128212] ? asm_exc_page_fault+0x27/0x30 <4> [317.128216] ? xe_migrate_copy+0x66/0x13e0 [xe] <4> [317.128263] ? __lock_acquire+0xb9d/0x26f0 <4> [317.128265] ? __lock_acquire+0xb9d/0x26f0 <4> [317.128267] ? sg_free_append_table+0x20/0x80 <4> [317.128271] ? lock_acquire+0xc7/0x2e0 <4> [317.128273] ? mark_held_locks+0x4d/0x80 <4> [317.128275] ? trace_hardirqs_on+0x1e/0xd0 <4> [317.128278] ? _raw_spin_unlock_irqrestore+0x31/0x60 <4> [317.128281] ? __pm_runtime_resume+0x60/0xa0 <4> [317.128284] xe_bo_move+0x682/0xc50 [xe] <4> [317.128315] ? lock_is_held_type+0xaa/0x120 <4> [317.128318] ttm_bo_handle_move_mem+0xe5/0x1a0 [ttm] <4> [317.128324] ttm_bo_validate+0xd1/0x1a0 [ttm] <4> [317.128328] shrink_test_run_device+0x721/0xc10 [xe] <4> [317.128360] ? find_held_lock+0x31/0x90 <4> [317.128363] ? lock_release+0xd1/0x2a0 <4> [317.128365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [kunit] <4> [317.128370] xe_bo_shrink_kunit+0x11/0x20 [xe] <4> [317.128397] kunit_try_run_case+0x6e/0x150 [kunit] <4> [317.128400] ? trace_hardirqs_on+0x1e/0xd0 <4> [317.128402] ? _raw_spin_unlock_irqrestore+0x31/0x60 <4> [317.128404] kunit_generic_run_threadfn_adapter+0x1e/0x40 [ku ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-49942 is a vulnerability identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically within the xe driver component responsible for managing Intel's Xe graphics technology. The flaw arises in the function xe_migrate_copy, which is designed to copy the contents of Translation Table Maps (TTM) resources during memory migration operations. When the source resource pointer is null, the function attempts to dereference it, leading to a NULL pointer dereference and consequent kernel crash (kernel oops). This occurs because the update operation lacks a source flag set to true, which would otherwise trigger a safer cleanup function xe_migrate_clear instead of xe_migrate_copy. The vulnerability manifests as a kernel panic or oops, disrupting normal system operations. The provided kernel logs confirm the NULL pointer dereference at address 0x10, with the fault occurring in kernel mode, indicating a critical failure in memory handling within the DRM xe driver. This issue affects Linux kernel versions incorporating the xe driver for Intel Lunar Lake Client platforms and potentially other Intel Xe-based hardware. Although no known exploits are reported in the wild, the vulnerability can be triggered by operations involving TTM resource migration, possibly through graphics workloads or kernel modules interacting with the DRM subsystem. The flaw is a result of insufficient validation of resource pointers before dereferencing, a common programming error that can lead to denial of service via system crashes. No CVSS score is assigned yet, but the technical details and kernel tracebacks confirm a stability-impacting bug that requires patching to prevent system reliability issues.
Potential Impact
For European organizations, this vulnerability poses a significant risk primarily in environments running Linux kernels with Intel Xe graphics support, such as workstations, servers, or embedded systems using Lunar Lake or similar Intel platforms. The impact is mainly a denial of service (DoS) through kernel crashes, which can disrupt critical services, cause data loss, or require system reboots, affecting availability. Organizations relying on Linux-based infrastructure for cloud services, data centers, or industrial control systems could experience operational interruptions. While the vulnerability does not directly enable privilege escalation or data exfiltration, the induced kernel panic could be exploited by attackers to cause persistent outages or to facilitate further attacks during recovery windows. Given the widespread use of Linux in European public sector, research institutions, and enterprises, especially those utilizing Intel hardware, the risk of service disruption is non-trivial. Additionally, the lack of authentication or user interaction requirements for triggering the flaw increases the threat surface, as local or potentially remote processes with access to the DRM subsystem could provoke the crash. This could be particularly impactful in multi-tenant cloud environments or shared hosting scenarios common in Europe, where stability and uptime are critical.
Mitigation Recommendations
To mitigate CVE-2024-49942, European organizations should prioritize updating their Linux kernels to versions where the patch addressing this NULL pointer dereference in xe_migrate_copy is applied. Since no patch links are provided, monitoring official Linux kernel repositories and Intel driver updates for the fix is essential. In the interim, organizations can limit exposure by restricting access to the DRM subsystem and related device nodes to trusted users and processes only, minimizing the risk of unprivileged triggering. Employing kernel lockdown features and mandatory access controls (e.g., SELinux, AppArmor) to confine processes that interact with graphics drivers can reduce attack vectors. Additionally, auditing and monitoring kernel logs for repeated oops or crashes related to the xe driver can provide early detection of exploitation attempts. For environments where immediate patching is not feasible, consider disabling or blacklisting the xe driver module if it is not critical to operations, thereby eliminating the vulnerable code path. Finally, integrating this vulnerability into vulnerability management workflows and incident response plans will ensure timely remediation and response to any exploitation attempts.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-10-21T12:17:06.043Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9826c4522896dcbe0ab6
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/28/2025, 9:57:13 PM
Last updated: 7/26/2025, 7:29:58 AM
Views: 8
Related Threats
CVE-2025-8834: Cross Site Scripting in JCG Link-net LW-N915R
MediumCVE-2025-55159: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in tokio-rs slab
MediumCVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-25235: CWE-918 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway
HighCVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.