CVE-2023-52691

drm/amd/pm: fix a double-free in si_dpm_init

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of
adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails,
amdgpu_free_extended_power_table is called to free some fields of adev.
However, when the control flow returns to si_dpm_sw_init, it goes to
label dpm_failed and calls si_dpm_fini, which calls
amdgpu_free_extended_power_table again and free those fields again. Thus
a double-free is triggered.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: corrige una double free en si_dpm_init Cuando fallo la asignación de adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries, se llama a amdgpu_free_extended_power_table para liberar algunos campos de adev. Sin embargo, cuando el flujo de control regresa a si_dpm_sw_init, va a la etiqueta dpm_failed y llama a si_dpm_fini, que llama a amdgpu_free_extended_power_table nuevamente y libera esos campos nuevamente. De este modo se activa un double free.

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. However, when the control flow returns to si_dpm_sw_init, it goes to label dpm_failed and calls si_dpm_fini, which calls amdgpu_free_extended_power_table again and free those fields again. Thus a double-free is triggered.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-07 CVE Reserved
2024-05-17 CVE Published
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/841686df9f7d2942cfd94d024b8591fa3f74ef7c	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/afe9f5b871f86d58ecdc45b217b662227d7890d0	2024-01-25
https://git.kernel.org/stable/c/06d95c99d5a4f5accdb79464076efe62e668c706	2024-01-25
https://git.kernel.org/stable/c/aeed2b4e4a70c7568d4a5eecd6a109713c0dfbf4	2024-01-25
https://git.kernel.org/stable/c/2bf47c89bbaca2bae16581ef1b28aaec0ade0334	2024-01-25
https://git.kernel.org/stable/c/f957a1be647f7fc65926cbf572992ec2747a93f2	2024-01-25
https://git.kernel.org/stable/c/fb1936cb587262cd539e84b34541abb06e42b2f9	2024-01-25
https://git.kernel.org/stable/c/ca8e2e251c65e5a712f6025e27bd9b26d16e6f4a	2024-01-25
https://git.kernel.org/stable/c/ac16667237a82e2597e329eb9bc520d1cf9dff30	2023-12-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 4.19.306 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 4.19.306"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 5.4.268 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 5.4.268"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 5.10.209 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 5.10.209"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 5.15.148 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 5.15.148"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 6.1.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9 < 6.8"		en		Affected