In the Linux kernel, the following vulnerability has been resolved:
drm/xe/tracing: Fix a potential TP_printk UAF
The commit
afd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format")
exposes potential UAFs in the xe_bo_move trace event.
Fix those by avoiding dereferencing the
xe_mem_type_to_name[] array at TP_printk time.
Since some code refactoring has taken place, explicit backporting may
be needed for kernels older than 6.10.
CVE ID: CVE-2024-49570
Vendor: Linux, Linux
Product: Linux, Linux
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 1.7% (scored less or equal to compared to others)
EPSS Date: 2025-03-27 (when was this score calculated)