{"timestamp":"2024-09-29T14:03:11.555516Z","id":"CVE-2024-46837","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/panthor/panthor_drv.c","drivers/gpu/drm/panthor/panthor_sched.c","include/uapi/drm/panthor_drm.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"de85488138247d034eb3241840424a54d660926b","lessThan":"33eb0344e186a2bcc257c6c5a6e65c1cb42adb4a","versionType":"git","status":"affected"},{"version":"de85488138247d034eb3241840424a54d660926b","lessThan":"5f7762042f8a5377bd8a32844db353c0311a7369","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/panthor/panthor_drv.c","drivers/gpu/drm/panthor/panthor_sched.c","include/uapi/drm/panthor_drm.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.10.10","lessThanOrEqual":"6.10.*","versionType":"semver","status":"unaffected"},{"version":"6.11","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NIST NVD-CWE-noinfo

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.10 up to (excluding) 6.10.10
     *cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*

https://git.kernel.org/stable/c/33eb0344e186a2bcc257c6c5a6e65c1cb42adb4a No Types Assigned

https://git.kernel.org/stable/c/33eb0344e186a2bcc257c6c5a6e65c1cb42adb4a Patch

https://git.kernel.org/stable/c/5f7762042f8a5377bd8a32844db353c0311a7369 No Types Assigned

https://git.kernel.org/stable/c/5f7762042f8a5377bd8a32844db353c0311a7369 Patch

In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: Restrict high priorities on group_create

We were allowing any users to create a high priority group without any
permission checks. As a result, this was allowing possible denial of
service.

We now only allow the DRM master or users with the CAP_SYS_NICE
capability to set higher priorities than PANTHOR_GROUP_PRIORITY_MEDIUM.

As the sole user of that uAPI lives in Mesa and hardcode a value of
MEDIUM [1], this should be safe to do.

Additionally, as those checks are performed at the ioctl level,
panthor_group_create now only check for priority level validity.

[1]https://gitlab.freedesktop.org/mesa/mesa/-/blob/f390835074bdf162a63deb0311d1a6de527f9f89/src/gallium/drivers/panfrost/pan_csf.c#L1038

kernel.org https://git.kernel.org/stable/c/33eb0344e186a2bcc257c6c5a6e65c1cb42adb4a [No types assigned]

kernel.org https://git.kernel.org/stable/c/5f7762042f8a5377bd8a32844db353c0311a7369 [No types assigned]