CVE-2024-46896
drm/amdgpu: don't access invalid sched
Public Exploits: 0
Exploited in Wild: -
Descriptions
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: don't access invalid sched

Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing job->base.sched can produce unexpected results as the initialisation of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the memset.

This commit fixes an issue when a CS would fail validation and would be rejected after job->num_ibs is incremented. In this case, amdgpu_ib_free(ring->adev, ...) will be called, which would crash the machine because the ring value is bogus.

To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this because the device is actually not used in this function.

The next commit will remove the ring argument completely.

(cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7)
Timeline
- 2025-01-11 CVE Reserved
- 2025-01-11 CVE Published
- 2025-01-11 CVE Updated
References (8)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/166df51487f46b6e997dfeea7ca0c2a970853f07 | Vuln. Introduced | |
https://git.kernel.org/stable/c/87210234e5a273ebf9c4110a6aa82b8221478daa | Vuln. Introduced | |
https://git.kernel.org/stable/c/2da108b4b5fb7ec04d7e951418ed80e97f7c35ad | Vuln. Introduced | |
https://git.kernel.org/stable/c/2320c9e6a768d135c7b0039995182bb1a4e4fd22 | Vuln. Introduced | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 6.1.120 < 6.1.122 | en | Affected |
Linux | Linux Kernel | >= 6.6.66 < 6.6.68 | en | Affected |
Linux | Linux Kernel | >= 6.12.5 < 6.12.7 | en | Affected |
Linux | Linux Kernel | >= 6.13-rc1 < 6.13-rc4 | en | Affected |