CVE-2024-46867
📋 TL;DR
A race condition and deadlock vulnerability in the Linux kernel's Direct Rendering Manager (DRM) Xe graphics driver could allow local attackers to cause a kernel panic or system crash. This affects systems running vulnerable Linux kernel versions with Intel Xe graphics hardware. The vulnerability requires local access to exploit.
💻 Affected Systems
- Linux kernel with Intel Xe graphics driver (drm/xe)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise or persistent denial of service through kernel panic.
Likely Case
System crash or kernel panic requiring reboot, potentially causing data loss or service disruption.
If Mitigated
Limited impact with proper access controls preventing local user execution of vulnerable code paths.
🎯 Exploit Status
Requires local access and knowledge of specific graphics operations to trigger the deadlock condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commit 0083b8e6f11d7662283a267d4ce7c966812ffd8a or backported fixes
Vendor Advisory: https://git.kernel.org/stable/c/9bd7ff293fc84792514aeafa06c5a17f05cb5f4b
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable Xe graphics driver
linuxPrevent loading of the vulnerable drm/xe kernel module
echo 'blacklist xe' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with Xe graphics hardware
- Implement strict access controls and monitoring for graphics-related system calls
🔍 How to Verify
Check if Vulnerable:
Check if Xe driver is loaded: lsmod | grep xe. Check kernel version against patched releases.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and Xe driver loads without issues in dmesg logs.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in dmesg
- Graphics driver deadlock warnings
- System crash/reboot events
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "deadlock" OR "xe" OR "drm")