How severe is CVE-2024-50090?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-50090?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2024-50090

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-120

View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix overflow in oa batch buffer By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is not a problem if batch buffer is only used once but oa reuses the batch buffer for the same metric and at each call it appends a MI_BATCH_BUFFER_END, printing the warning below and then overflowing. [ 381.072016] ------------[ cut here ]------------ [ 381.072019] xe 0000:00:02.0: [drm] Assertion `bb->len * 4 + bb_prefetch(q->gt) <= size` failed! platform: LUNARLAKE subplatform: 1 graphics: Xe2_LPG / Xe2_HPG 20.04 step B0 media: Xe2_LPM / Xe2_HPM 20.00 step B0 tile: 0 VRAM 0 B GT: 0 type 1 So here checking if batch buffer already have MI_BATCH_BUFFER_END if not append it. v2: - simply fix, suggestion from Ashutosh (cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a)

CVE-2008-3275

MEDIUM

CVSS:5.5(Medium)

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) di...

CWE-1202008

CVE-2011-3353

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev.c in the Linux kernel before 3.1 allows local users to cause a denial of service (BUG_ON and system crash) by leveraging the abil...

CWE-1202011

CVE-2015-20109

MEDIUM

CVSS:5.5(Medium)

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrat...

CWE-1202015

CVE-2015-7890

MEDIUM

CVSS:5.5(Medium)

Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via ...

CWE-1202015

CVE-2016-10066

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.

CWE-1202016

CVE-2019-10882

MEDIUM

CVSS:5.5(Medium)

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this ser...

CWE-1202019

CVE-2024-50090

Vulnerability Description

Related Vulnerabilities

CVE-2008-3275

CVE-2011-3353

CVE-2015-20109

CVE-2015-7890

CVE-2016-10066

CVE-2019-10882