CVE-2024-49570

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/tracing: Fix a potential TP_printk UAF

The commit afd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format") exposes potential UAFs in the xe_bo_move trace event.

Fix those by avoiding dereferencing the xe_mem_type_to_name[] array at TP_printk time.

Since some code refactoring has taken place, explicit backporting may be needed for kernels older than 6.10.

Published: Feb 27, 2025
Updated: May 4, 2025
CVE: CVE-2024-49570
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.13	6.13.4
linux / linux_kernel	6.11	6.12.16

https://git.kernel.org/stable/c/07089083a526ea19daa72a1edf9d6e209615b77c
https://git.kernel.org/stable/c/62cd174616ae3bf8a6cf468718f1ae74e5a07727
https://git.kernel.org/stable/c/c9402da34611e1039ecccba3c1481c4866f7ca64

Vulnerability Database

CVE-2024-49570