CVE-2024-26656

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.28

Description A use-after-free bug has been identified in the Linux kernel, specifically in the AMDGPU DRM driver. This bug can be triggered by sending a single amdgpu gem userptr ioctl to the AMDGPU DRM driver with an invalid address and size. The issue arises from a failure in amdgpu hmm register, which still calls amdgpu hmm unregister into amdgpu gem object free, resulting in access to a bad address. The bug was reported by Joonkyo Jung and can be reproduced with a specific code example.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.28 or later. As a temporary workaround, consider disabling the amdgpu gem userptr ioctl function until a patch is available. Restrict access to the vulnerable amdgpu module to minimize the risk of exploitation. Avoid using the addr and size parameters in the affected amdgpu gem userptr ioctl API endpoint until the issue is resolved.