CVE-2024-26817

amdkfd: use calloc instead of kzalloc to avoid integer overflow

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

amdkfd: use calloc instead of kzalloc to avoid integer overflow

This uses calloc instead of doing the multiplication which might
overflow.

En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: amdkfd: usa calloc en lugar de kzalloc para evitar el desbordamiento de enteros. Esto usa calloc en lugar de hacer la multiplicación que podría desbordarse.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-13 CVE Published
2024-04-14 EPSS Updated
2024-04-14 First Exploit
2024-11-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (11)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC
https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd	2024-04-14

URL	Date	SRC
https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751	2024-04-13
https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0	2024-04-13
https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91	2024-04-13
https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad	2024-04-13
https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a	2024-04-13
https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7	2024-04-13
https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a	2024-04-13
https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29	2024-04-12

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.312 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.312"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.274 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.274"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.215 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.155 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.155"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.86 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.86"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.27 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.27"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.8.6 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9"		en		Affected