CVE-2024-49865 in Linux
Summary
by MITRE • 10/21/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/vm: move xa_alloc to prevent UAF
An evil user can guess the next id of the vm before the ioctl completes and then call the vm destroy ioctl to trigger a UAF, since the create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this.
v2: - Rebase
(cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9)
Analysis
by VulDB Data Team • 01/19/2026
The vulnerability identified as CVE-2024-49865 is a use-after-free condition in the Linux kernel's graphics driver subsystem, specifically in the Intel Xe (xe) GPU driver. The flaw lies in the virtual memory (VM) management component of the Direct Rendering Manager (DRM) framework, which handles graphics memory allocation and management for Intel GPU hardware. It manifests when two ioctl operations on the same VM are processed concurrently, creating a race condition in which a malicious local user can exploit the timing window between the VM's identifier being allocated and the VM being destroyed.
The technical root cause is the ordering of operations in the VM creation code path: the VM identifier is allocated and published (via xa_alloc) before the creation ioctl has finished with the VM object. Because identifiers are predictable, an attacker can guess the next VM identifier before the creation ioctl completes and, from another process or thread, issue the destroy ioctl for that identifier. The kernel does not synchronize these two operations, so the destroy call frees the VM while the creation operation is still actively referencing the same memory structures.
This vulnerability directly maps to CWE-416, Use After Free, which is a well-documented class of memory safety issues where program code continues to reference memory after it has been freed. The attack scenario follows patterns consistent with the ATT&CK technique T1059.003, which involves executing malicious code through command and scripting interpreters, as the exploitation leverages legitimate kernel interfaces to achieve unauthorized memory access patterns. The flaw represents a classic race condition vulnerability where the timing of memory allocation and deallocation operations creates an exploitable window.
The operational impact of this vulnerability extends beyond simple memory corruption: a local malicious user could leverage the use-after-free condition for privilege escalation, potentially executing arbitrary code with kernel privileges. This would enable attackers to bypass kernel security controls, access protected memory regions, and potentially compromise the entire system. The vulnerability affects systems running the Linux kernel with Intel GPU drivers, particularly those using the xe driver for graphics processing, making it relevant to a wide range of computing environments including desktop systems, servers, and embedded devices.
The fix addresses this issue by reordering the creation path so that the xa_alloc call, which allocates the VM's identifier and makes it visible to other ioctl callers, is moved to the final stage of VM creation. This ensures that all necessary initialization and validation occurs before the identifier becomes available for subsequent operations. The patch follows a defensive programming approach: a resource is fully initialized and validated before it is exposed to concurrent access. This eliminates the race condition by preventing the premature availability of VM identifiers that a malicious process could target in the window between creation and destruction.
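A toy model of the ordering bug and its fix, added here and not code from the xe driver or the kernel patch: toy_vm, toy_xa_alloc, toy_destroy_ioctl and toy_create_ioctl are stand-ins of my own, and the racing caller guesses the next sequential id, as the commit message describes. Freed objects are quarantined with a flag rather than actually freed, so the stale access is observable instead of being undefined behaviour.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

#define MAX_VMS 8

/* Toy VM object (not the xe driver's real struct). `freed` is set instead of
 * calling free(), so a stale use remains observable. */
struct toy_vm { bool initialised, freed; };

static struct toy_vm *vm_table[MAX_VMS]; /* stand-in for the id xarray */
static int next_id;                       /* sequential, hence guessable */
static int guessed_id;                    /* the id a racing caller predicted */

/* Stand-in for xa_alloc(): publish vm under the next id. */
static int toy_xa_alloc(struct toy_vm *vm)
{
    int id = next_id++ % MAX_VMS;
    vm_table[id] = vm;
    return id;
}

/* Stand-in for the destroy ioctl: unlink the id and "free" the object. */
static int toy_destroy_ioctl(int id)
{
    struct toy_vm *vm = vm_table[id];
    if (!vm)
        return -ENOENT;  /* id not (yet) published: nothing to destroy */
    vm_table[id] = NULL;
    vm->freed = true;
    return 0;
}

static void guess_next_id(void)   { guessed_id = next_id % MAX_VMS; }
static void destroy_guessed(void) { toy_destroy_ioctl(guessed_id); }

/* One create ioctl. publish_first=true is the pre-fix ordering (id allocated before
 * setup finishes), false is the fix (id allocated last). interleave() models another
 * caller running mid-create. Returns true if create used an already-freed object. */
static bool toy_create_ioctl(bool publish_first, void (*interleave)(void))
{
    struct toy_vm *vm = calloc(1, sizeof *vm);
    if (publish_first)
        toy_xa_alloc(vm);    /* id visible before the object is ready */
    interleave();            /* the window the destroy ioctl can hit */
    bool stale = vm->freed;  /* pre-fix: this read is a use after free */
    vm->initialised = true;
    if (!publish_first)
        toy_xa_alloc(vm);    /* fixed: id only visible once setup is complete */
    return stale;
}
```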
Mitigation requires applying the patched kernel, which restores the correct ordering between concurrent VM operations. System administrators should prioritize these updates on systems with Intel GPU hardware, particularly those with multiple concurrent users or applications that create VM objects. The fix demonstrates the importance of proper resource management in kernel space and highlights the need for careful ordering of allocation and publication in multi-threaded code. The solution aligns with security best practices for kernel development and memory safety and guards against similar race conditions in related subsystems.