CVE-2024-27400

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the function amdgpu ttm move() in the Linux kernel, specifically with the drm/amdgpu module. The problem arises after moving data, where the old location becomes unavailable. To resolve this, it is suggested to call the move notification before actually moving the data, ensuring the correct order for DMA-buf and VM move notifications. Additionally, the statistic handling has been reworked to avoid updating the eviction counter before the move. The vulnerability is associated with a null pointer dereference in the amdgpu bo move() function.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-73001

BDU:2024-03935

CVE-2024-27400

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2135-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2024-27400

Weakness Enumeration

Related Identifiers

Affected Products

References · 3588