CVE-2024-44979: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-44979 affects the Linux kernel's DRM/XE driver subsystem. The vulnerability was discovered in the pagefault handling mechanism where workqueues were not properly destroyed during driver reload operations. This issue affects Linux kernel versions from 6.8 up to (excluding) 6.10.7, as well as 6.11 release candidates (rc1-rc4) (NVD).

The vulnerability stems from a memory leak in the xegtpagefault component where the pagefault and access counter workqueues were not being freed up during driver reload operations. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability was identified as CWE-401: Missing Release of Memory after Effective Lifetime (NVD).

The vulnerability results in a memory leak condition when the DRM/XE driver is reloaded, as the memory allocated for pagefault and access counter workqueues is not properly freed. This can lead to resource exhaustion over time, potentially affecting system stability and performance (Kernel Patch).

The vulnerability has been patched in the Linux kernel by adding proper workqueue destruction calls in the pagefault_fini function. The fix has been implemented in various Ubuntu kernel versions, including 6.8.0-50.51 for Ubuntu 24.04 LTS and corresponding versions for other supported releases (Ubuntu Security). Users are advised to update their systems to the patched kernel versions.