GHSA-7MJF-5RRM-399R

Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-10-01 21:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/imagination: Break an object reference loop

When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with each object (or set of objects) referencing the object below it:

PVR GEM Object
GPU scheduler "finished" fence
GPU scheduler “scheduled” fence
PVR driver “done” fence
PVR Context
PVR VM Context
PVR VM Mappings
PVR GEM Object

The reference that the PVR VM Context has on the VM mappings is a soft one, in the sense that the freeing of outstanding VM mappings is done as part of VM context destruction; no reference counts are involved, as is the case for all the other references in the loop.

To break the reference loop during cleanup, free the outstanding VM mappings before destroying the PVR Context associated with the VM context.

Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-53084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T18:15:27Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Break an object reference loop\n\nWhen remaining resources are being cleaned up on driver close,\noutstanding VM mappings may result in resources being leaked, due\nto an object reference loop, as shown below, with each object (or\nset of objects) referencing the object below it:\n\n    PVR GEM Object\n    GPU scheduler \"finished\" fence\n    GPU scheduler \u201cscheduled\u201d fence\n    PVR driver \u201cdone\u201d fence\n    PVR Context\n    PVR VM Context\n    PVR VM Mappings\n    PVR GEM Object\n\nThe reference that the PVR VM Context has on the VM mappings is a\nsoft one, in the sense that the freeing of outstanding VM mappings\nis done as part of VM context destruction; no reference counts are\ninvolved, as is the case for all the other references in the loop.\n\nTo break the reference loop during cleanup, free the outstanding\nVM mappings before destroying the PVR Context associated with the\nVM context.",
  "id": "GHSA-7mjf-5rrm-399r",
  "modified": "2025-10-01T21:30:37Z",
  "published": "2024-11-19T18:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53084"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b04ce1e718bd55302b52d05d6873e233cb3ec7a1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb86db12b290ed07d05df00d99fa150bb123e80e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.