CVE-2024-53084: 
Linux Debian vulnerability analysis and mitigation

CVE-2024-53084 affects the Linux kernel's DRM (Direct Rendering Manager) Imagination driver. The vulnerability was discovered when remaining resources are being cleaned up on driver close, where outstanding VM mappings may result in resources being leaked due to an object reference loop. This issue affects Linux kernel versions up to (excluding) 6.11.8 and various 6.12 release candidates (NVD, Kernel Patch).

The vulnerability stems from an object reference loop in the DRM Imagination driver where each object references the object below it in the following sequence: PVR GEM Object → GPU scheduler 'finished' fence → GPU scheduler 'scheduled' fence → PVR driver 'done' fence → PVR Context → PVR VM Context → PVR VM Mappings → PVR GEM Object. The reference that the PVR VM Context has on the VM mappings is a soft one, where freeing of outstanding VM mappings is done as part of VM context destruction without reference counts, unlike other references in the loop (Kernel Patch).

The vulnerability can lead to resource leaks when cleaning up resources during driver close operations. This occurs specifically when there are outstanding VM mappings present in the system (NVD).

The vulnerability has been patched by breaking the reference loop during cleanup. The fix involves freeing the outstanding VM mappings before destroying the PVR Context associated with the VM context. Users should update their Linux kernel to version 6.11.8 or later to receive the fix (Kernel Patch).