CVE-2024-49991

drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer

EPSS 0.3%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

21 Oct 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set to NULL, this could cause use-after-free bug.

Affected products

Linux · Linux

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://git.kernel.org/stable/c/30ceb873cc2e97348d9da2265b2d1ddf07f682e1 https://git.kernel.org/stable/c/6c9289806591807e4e3be9a23df8ee2069180055 https://git.kernel.org/stable/c/71f3240f82987f0f070ea5bed559033de7d4c0e1 https://git.kernel.org/stable/c/c86ad39140bbcb9dc75a10046c2221f657e8083b https://git.kernel.org/stable/c/e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html