CVE-2024-57844: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix fault on fd close after unbind

If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drm_dev_enter()/drm_dev_exit(). This fixes the following page fault:

    <6> [IGT] xe_wedged: exiting, ret=98
    <1> BUG: unable to handle page fault for address: ffffc901bc5e508c
    <1> #PF: supervisor read access in kernel mode
    <1> #PF: error_code(0x0000) - not-present page
    ...
    <4> xe_lrc_update_timestamp+0x1c/0xd0 [xe]
    <4> xe_exec_queue_update_run_ticks+0x50/0xb0 [xe]
    <4> xe_exec_queue_fini+0x16/0xb0 [xe]
    <4> __guc_exec_queue_fini_async+0xc4/0x190 [xe]
    <4> guc_exec_queue_fini_async+0xa0/0xe0 [xe]
    <4> guc_exec_queue_fini+0x23/0x40 [xe]
    <4> xe_exec_queue_destroy+0xb3/0xf0 [xe]
    <4> xe_file_close+0xd4/0x1a0 [xe]
    <4> drm_file_free+0x210/0x280 [drm]
    <4> drm_close_helper.isra.0+0x6d/0x80 [drm]
    <4> drm_release_noglobal+0x20/0x90 [drm]

(cherry picked from commit 4ca1fd418338d4d135428a0eb1e16e3b3ce17ee8)
AI Analysis
Technical Summary
CVE-2024-57844 is a vulnerability in the Linux kernel, specifically in the 'xe' driver of the Direct Rendering Manager (DRM) subsystem. The issue arises when a userspace application holds a file descriptor (fd) open for a device, unbinds the device, and subsequently closes the fd. Under these conditions, the driver attempts to access hardware resources that are no longer valid, leading to a kernel page fault. The fault manifests as a supervisor read access to a not-present page in kernel mode, resulting in a BUG report and a potential kernel crash or instability. In the reported trace, the faulting read occurs in xe_lrc_update_timestamp(), reached from xe_file_close() through the exec queue teardown path. The root cause is the lack of proper synchronization and protection around device unbinding and fd closure. The fix uses the drm_dev_enter() and drm_dev_exit() functions to ensure safe access to the device during these operations, preventing the driver from accessing hardware after unbinding. This vulnerability is critical because it can cause denial of service (DoS) through kernel crashes and may be exploitable by local userspace processes interacting with the DRM subsystem. The vulnerability was resolved by a commit cherry-picked into the Linux kernel, but no CVSS score or known exploits in the wild have been reported as of the publication date.
Potential Impact
For European organizations, this vulnerability primarily poses a risk of local denial of service on systems running affected Linux kernel versions with the 'xe' DRM driver enabled. Systems used in graphics-intensive environments, such as workstations, servers with GPU acceleration, or embedded devices relying on this driver, could experience kernel crashes triggered by malicious or buggy userspace applications. This could disrupt critical services, degrade system availability, and potentially lead to data loss if systems become unstable. While the vulnerability does not directly indicate privilege escalation or remote code execution, the resulting instability could be leveraged as part of a broader attack chain. Organizations relying on Linux-based infrastructure for cloud services, research computing, or industrial control systems should be aware of this risk. The impact is more pronounced in environments where untrusted users have local access or where automated processes manage device bindings dynamically. Given the lack of known exploits, the immediate threat level is moderate, but the potential for denial of service warrants timely remediation.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch fixing CVE-2024-57844. Specifically, ensure that the drm/xe driver incorporates the drm_dev_enter()/drm_dev_exit() protection around device unbinding and fd closure. System administrators should audit systems for usage of the 'xe' DRM driver and assess whether untrusted users have local access to these systems. Restricting local access and enforcing strict user permissions can reduce exploitation risk. Additionally, monitoring kernel logs for page fault errors related to drm/xe can help detect attempts to trigger this vulnerability. For environments where kernel updates are delayed, consider disabling or blacklisting the 'xe' driver if it is not essential. Implementing robust system integrity monitoring and automated patch management processes will help mitigate this and future kernel vulnerabilities promptly.
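The kernel-log check recommended above, as an added example that is not part of the original advisory: it scans log lines for a page-fault BUG whose call trace runs through the xe module and flags the xe_file_close path shown in the commit message. The function name, the 40-line window and the second sample fault are assumptions constructed for illustration.

```python
import re

# "BUG: unable to handle page fault for address: <hex>" opens an oops report.
FAULT = re.compile(r"BUG: unable to handle page fault for address: ([0-9a-f]+)")
# A call-trace frame such as "xe_file_close+0xd4/0x1a0 [xe]" -> (symbol, module).
FRAME = re.compile(r"\b([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def find_xe_faults(lines, window=40):
    """Return one record per page fault whose trace passes through [xe]."""
    faults, current, left = [], None, 0
    for line in lines:
        m = FAULT.search(line)
        if m:  # a new report starts; frames from here on belong to it
            current, left = {"address": m.group(1), "frames": []}, window
            faults.append(current)
            continue
        if current is None:
            continue
        left -= 1
        if left < 0:  # assumed bound so unrelated later frames are not attributed
            current = None
            continue
        f = FRAME.search(line)
        if f:
            current["frames"].append((f.group(1), f.group(2)))
    records = []
    for fault in faults:
        xe = [sym for sym, mod in fault["frames"] if mod == "xe"]
        if xe:
            records.append({"address": fault["address"], "xe_frames": xe,
                            "fd_close_path": "xe_file_close" in xe})
    return records

# First report: lines taken from the advisory's trace. Second: constructed, non-xe.
SAMPLE = """\
<6> [IGT] xe_wedged: exiting, ret=98
<1> BUG: unable to handle page fault for address: ffffc901bc5e508c
<1> #PF: supervisor read access in kernel mode
<1> #PF: error_code(0x0000) - not-present page
<4> xe_lrc_update_timestamp+0x1c/0xd0 [xe]
<4> xe_exec_queue_destroy+0xb3/0xf0 [xe]
<4> xe_file_close+0xd4/0x1a0 [xe]
<4> drm_close_helper.isra.0+0x6d/0x80 [drm]
<1> BUG: unable to handle page fault for address: ffff888000001000
<4> example_read+0x10/0x40 [example_mod]
""".splitlines()

if __name__ == "__main__":
    for rec in find_xe_faults(SAMPLE):
        print(rec)
```

A record with fd_close_path set to True matches the trace from the fix commit; other xe page faults are still reported but may have a different cause.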
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-01-15T13:08:59.638Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde8db
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 8:25:14 AM
Last updated: 7/31/2025, 11:20:26 AM