CVE-2024-49570
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-49570
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49570.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-49570
- Downstream
- Related
- Published
- 2025-02-27T02:18:06.123Z
- Modified
- 2025-11-28T02:33:59.723793Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- drm/xe/tracing: Fix a potential TP_printk UAF
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/tracing: Fix a potential TP_printk UAF
The commit afd2627f727b ("tracing: Check "%s" dereference via the field and not the TPprintk format") exposes potential UAFs in the xebo_move trace event.
Fix those by avoiding dereferencing the xememtypetoname[] array at TP_printk time.
Since some code refactoring has taken place, explicit backporting may be needed for kernels older than 6.10.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49570.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/07089083a526ea19daa72a1edf9d6e209615b77c
- https://git.kernel.org/stable/c/62cd174616ae3bf8a6cf468718f1ae74e5a07727
- https://git.kernel.org/stable/c/c9402da34611e1039ecccba3c1481c4866f7ca64
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49570.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-49570