V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2025-71099
CVE
High

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_c…

CVSS
7.8
High
EPSS
0.00
p1
Published
2025-01-01
Updated
2025-01-01
Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the lifetime of oa_config, an attacker could guess the id and call xe_oa_remove_config_ioctl() with perfect timing, freeing oa_config before we dereference it, leading to a potential use-after-free. Fix this by caching the id in a local variable while holding the lock. v2: (Matt A) - Dropped mutex_unlock(&oa->metrics_lock) ordering change from xe_oa_remove_config_ioctl() (cherry picked from commit 28aeaed130e8e587fd1b73b6d66ca41ccc5a1a31)

Tags · CWE
LPE
CWE-416
Affected products
LinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinux-allwinner-5.19Linux-awsLinux-awsLinux-awsLinux-awsLinux-awsLinux-awsLinux-awsLinux-aws
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Timeline
2025-01-01
Published
2025-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.001 · p1
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
linuxTracked
linuxTracked
linuxTracked
linuxTracked
linuxTracked
linuxTracked
linuxTracked
linuxTracked
linuxTracked
linuxTracked
linuxTracked
linux-allwinner-5.19Tracked
linux-awsTracked
linux-awsTracked
linux-awsTracked
linux-awsTracked
linux-awsTracked
linux-awsTracked
linux-awsTracked
linux-awsTracked
Showing first 20 of 279