CVE-2024-50090: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2024-50090) has been identified and resolved in the drm/xe/oa component, specifically related to a buffer overflow issue. The vulnerability was discovered in the batch buffer handling mechanism where xe_bb_create_job() by default appends a MI_BATCH_BUFFER_END to the batch buffer. While this works correctly for single-use buffers, it causes an overflow when the batch buffer is reused for the same metric, as it repeatedly appends MI_BATCH_BUFFER_END at each call (Kernel Patch).

The vulnerability manifests when the batch buffer is reused for the same metric, causing multiple MI_BATCH_BUFFER_END commands to be appended, leading to a buffer overflow condition. This results in an assertion failure: 'bb->len * 4 + bb_prefetch(q->gt) <= size'. The issue affects systems running the Linux kernel with the Xe graphics driver, particularly on platforms like LUNARLAKE with Xe2_LPG / Xe2_HPG graphics (NVD). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

The vulnerability can lead to a buffer overflow condition in the kernel's graphics subsystem, potentially causing system crashes or denial of service. The issue specifically affects the operation of the Xe graphics driver's OA (Output Analysis) functionality (Kernel Patch).

The vulnerability has been patched in the Linux kernel by modifying the xe_bb_create_job() function to check if the batch buffer already has MI_BATCH_BUFFER_END before appending it. The fix involves adding a condition to verify the buffer's current state: 'if (bb->len == 0 || bb->cs[bb->len - 1] != MI_BATCH_BUFFER_END)' before appending the MI_BATCH_BUFFER_END command (Kernel Patch).