CVE-2024-42146 in Linuxinfo

Summary

by MITRE • 07/30/2024

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf

Any kunit doing any memory access should get their own runtime_pm outer references since they don't use the standard driver API entries. In special this dma_buf from the same driver.

Found by pre-merge CI on adding WARN calls for unprotected inner callers:

[318.639739] # xe_dma_buf_kunit: running xe_test_dmabuf_import_same_driver
[318.639957] ------------[ cut here ]------------
[318.639967] xe 0000:4d:00.0: Missing outer runtime PM protection
[318.640049] WARNING: CPU: 117 PID: 3832 at drivers/gpu/drm/xe/xe_pm.c:533 xe_pm_runtime_get_noresume+0x48/0x60 [xe]

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/19/2025

The vulnerability identified as CVE-2024-42146 resides within the Linux kernel's graphics driver subsystem, specifically within the intel xe driver implementation. This issue manifests as a missing runtime power management protection mechanism that affects the drm/xe component when handling dma_buf operations. The vulnerability was discovered through pre-merge continuous integration testing that enforced stricter warnings for unprotected inner callers, highlighting a critical gap in the driver's power management infrastructure.

The technical flaw stems from inadequate runtime power management protection in the xe_dma_buf_kunit test framework. When kunit tests perform memory access operations, they require their own runtime_pm outer references to ensure proper power state management. However, the current implementation fails to provide these protections for tests that utilize the standard driver API entries, particularly those involving dma_buf operations from the same driver. This creates a scenario where inner runtime_pm calls can execute without proper outer protection, leading to potential system instability and resource management issues. The specific error occurs at drivers/gpu/drm/xe/xe_pm.c line 533 in the xe_pm_runtime_get_noresume function, indicating that the driver is attempting to acquire power management resources without proper outer context.

The operational impact of this vulnerability extends beyond simple test failures, as it represents a fundamental flaw in the driver's power management architecture that could potentially affect production systems. When the kernel encounters unprotected inner runtime_pm calls, it generates warnings that indicate the system is operating in an unsafe power state. The presence of this vulnerability suggests that the driver may be susceptible to race conditions, memory corruption, or unexpected power state transitions during concurrent operations. The warning message specifically references the xe 0000:4d:00.0 device, indicating that this issue affects specific hardware configurations within the intel xe graphics driver family. This vulnerability could potentially be exploited to cause system instability or denial of service conditions.

Mitigation strategies for CVE-2024-42146 require immediate implementation of proper outer runtime_pm protection mechanisms within the xe driver's test framework and potentially within the core driver logic. The solution involves ensuring that all kunit tests performing memory access operations acquire appropriate outer runtime_pm references before executing inner operations. This approach aligns with the common weakness enumeration CWE-362, which addresses concurrent execution using lock objects, and follows ATT&CK framework techniques related to privilege escalation and system resource manipulation. The fix should implement proper power management context handling for dma_buf operations and ensure that all test cases within the xe_dma_buf_kunit framework maintain proper runtime_pm outer references. Additionally, developers should review all similar test cases and driver operations to identify and address other potential instances of missing outer runtime_pm protection, ensuring comprehensive coverage of the driver's power management infrastructure.

Responsible

Linux

Reservation

07/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00196

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!