CVE-2024-50174

drm/panthor: Fix race when converting group handle to group object

Description

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object XArray provides it's own internal lock which protects the internal array when entries are being simultaneously added and removed. However there is still a race between retrieving the pointer from the XArray and incrementing the reference count. To avoid this race simply hold the internal XArray lock when incrementing the reference count, this ensures there cannot be a racing call to xa_erase().

Category

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8a585d553c11965332d7a2d74e79ef92a42bfc87 patch
https://git.kernel.org/stable/c/44742138d151c3a945460ae7beff8ae45ac0bf58 patch
https://git.kernel.org/stable/c/cac075706f298948898b1f63e81709df42afa75d patch

Frequently Asked Questions

What is the severity of CVE-2024-50174?
CVE-2024-50174 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50174?
To fix CVE-2024-50174, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50174 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50174 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50174?
CVE-2024-50174 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.