CVE-2024-46867 in Linux
Summary
by MITRE • 09/27/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/client: fix deadlock in show_meminfo()
There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix that by dropping the ref using xe_bo_put_deferred(), and moving the final commit outside of the lock. Dropping the lock around the put is tricky since the bo can go out of scope and delete itself from the list, making it difficult to navigate to the next list entry.
(cherry picked from commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a)
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/05/2026
The vulnerability identified as CVE-2024-46867 represents a critical concurrency issue within the Linux kernel's graphics subsystem, specifically affecting the x86 graphics execution engine driver. This flaw manifests as a deadlock condition that occurs during memory information retrieval operations, creating a scenario where system resources become permanently unavailable. The issue resides in the drm/xe/client component of the kernel, where the show_meminfo() function contains a fundamental race condition that can lead to complete system hang or denial of service. The vulnerability is particularly dangerous because it operates at the kernel level, where such failures can compromise the entire system stability and availability.
The technical root cause of this vulnerability stems from improper synchronization mechanisms within the graphics buffer object management system. When a buffer object reaches its final reference count, the destruction process attempts to acquire the same spinlock that is already held by the calling thread, creating an immediate deadlock scenario. Additionally, the code pattern violates kernel coding standards by performing sleeping operations within atomic contexts, which is strictly prohibited in kernel space programming. This combination of spinlock deadlock and atomic context violation creates a condition where the kernel cannot progress with its normal operation sequence, effectively freezing the graphics subsystem and potentially the entire system.
The operational impact of this vulnerability extends beyond simple system freezing to encompass potential data corruption and service disruption in graphics-intensive applications. Attackers could exploit this condition to cause persistent denial of service on systems utilizing Intel graphics hardware, particularly those running kernel versions containing the affected code path. The vulnerability affects systems where the graphics subsystem is actively managing buffer objects and memory information queries, making it relevant to servers, desktop systems, and embedded devices with Intel GPU support. The timing of the deadlock occurrence is particularly insidious because it can happen during normal system operations, making detection and prevention challenging. This vulnerability directly maps to CWE-362, which describes concurrent execution using shared resources without proper synchronization, and aligns with ATT&CK technique T1499.004 for resource exhaustion attacks.
The fix implemented for this vulnerability addresses the core synchronization problem by introducing a deferred buffer object release mechanism through xe_bo_put_deferred() function calls. This approach separates the reference counting operations from the critical lock acquisition, preventing the immediate deadlock condition. The solution also moves the final commit operation outside of the protected critical section, eliminating the atomic context violation while maintaining proper resource management. The patch demonstrates careful consideration of list traversal complexities, acknowledging that simple lock dropping could cause iterator invalidation issues when buffer objects are removed from linked lists. This defensive programming approach ensures that the system maintains proper memory management while avoiding the race conditions that led to the original deadlock scenario. The fix represents a standard pattern for resolving complex kernel synchronization issues and follows established best practices for preventing deadlocks in concurrent systems. The cherry-picked commit from the mainline kernel repository indicates that this solution has been thoroughly tested and validated within the broader kernel development community, ensuring compatibility with existing system configurations and minimizing the risk of introducing new instability.