PT-2025-2750 · Linux+3 · Linux Kernel+3
Published: 2024-12-06 · Updated: 2025-09-23
CVE-2024-46896
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.74
Description:
The issue is in the drm/amdgpu component of the Linux kernel. It occurs when a CS (command submission) fails validation and is rejected after job->num_ibs is incremented, leading to a crash due to a bogus ring value. The problem arises because the initialization of (*job)->base.sched done in amdgpu_job_alloc is overwritten by memset. To fix this, a NULL pointer is passed to amdgpu_ib_free(), as the device is not used in this function.
Recommendations:
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider modifying the amdgpu_ib_free() function to accept a NULL pointer, but this should be done with caution and ideally by applying the official patch.
Exploit
Fix
NULL Pointer Dereference
Buffer Overflow
Affected Products
Astra Linux
Linux Kernel
RED OS
SUSE