PT-2024-33830 · Linux+8 · Linux Kernel+8
Philip Yang
·
Published
2024-07-23
·
Updated
2026-06-16
·
CVE-2024-49991
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
The issue is related to the
amdkfd free gtt mem function in the Linux kernel, where a pointer reference is not correctly passed to amdgpu bo unref, potentially causing a use-after-free bug. This occurs because amdgpu bo unref clears the local variable instead of the original pointer, which is not set to NULL. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.Recommendations:
For versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the
drm/amdkfd module to minimize the risk of exploitation. Avoid using the amdgpu bo unref function with the amdkfd free gtt mem function until the issue is resolved.Exploit
Fix
DoS
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu