CVE-2024-46896

Severity: MEDIUM · CVSS 3.1: 5.5 · EPSS: 11.5%
Published Jan 11, 2025 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: don't access invalid sched

Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing job->base.sched can produce unexpected results as the initialisation of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the memset.

This commit fixes an issue when a CS would fail validation and would be rejected after job->num_ibs is incremented. In this case, amdgpu_ib_free(ring->adev, ...) will be called, which would crash the machine because the ring value is bogus.

To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this because the device is actually not used in this function.

The next commit will remove the ring argument completely.

(cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7)

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 11.5% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 6

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.1.120 – <6.1.122
linux   linux_kernel  *        ≥6.6.66 – <6.6.68
linux   linux_kernel  *        ≥6.12.5 – <6.12.7
linux   linux_kernel  6.13     any
linux   linux_kernel  6.13     any
linux   linux_kernel  6.13     any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/65501a4fd84ecdc0af863dbb37759242aab9f2dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/67291d601f2b032062b1b2f60ffef1b63e10094c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a93b1020eb9386d7da11608477121b10079c076a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/da6b2c626ae73c303378ce9eaf6e3eaf16c9925a
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/65501a4fd84ecdc0af863dbb37759242aab9f2dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/67291d601f2b032062b1b2f60ffef1b63e10094c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a93b1020eb9386d7da11608477121b10079c076a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/da6b2c626ae73c303378ce9eaf6e3eaf16c9925a
    Patch