Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix opregion leak

Being part o the display, ideally the setup and cleanup would be done by
display itself. However this is a bigger refactor that needs to be done
on both i915 and xe. For now, just fix the leak:

unreferenced object 0xffff8881a0300008 (size 192):
comm "modprobe", pid 4354, jiffies 4295647021
hex dump (first 32 bytes):
00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff ...'............
18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00 ................
backtrace (crc 99260e31):
[] kmemleak_alloc+0x4b/0x80
[] kmalloc_trace_noprof+0x312/0x3d0
[] intel_opregion_setup+0x89/0x700 [xe]
[] xe_display_init_noirq+0x2f/0x90 [xe]
[] xe_device_probe+0x7a3/0xbf0 [xe]
[] xe_pci_probe+0x333/0x5b0 [xe]
[] local_pci_probe+0x48/0xb0
[] pci_device_probe+0xc8/0x280
[] really_probe+0xf8/0x390
[] __driver_probe_device+0x8a/0x170
[] driver_probe_device+0x23/0xb0
[] __driver_attach+0xc7/0x190
[] bus_for_each_dev+0x7d/0xd0
[] driver_attach+0x1e/0x30
[] bus_add_driver+0x117/0x250

(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)

Classification

CVE ID: CVE-2024-44980

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 14.79% (scored less or equal to compared to others)

EPSS Date: 2025-06-02 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-44980
https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4
https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f

Timeline