FKIE_CVE-2024-49989

Vulnerability from fkie_nvd - Published: 2024-10-21 18:15 - Updated: 2025-11-03 20:16
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue during amdgpu module unload Flexible endpoints use DIGs from available inflexible endpoints, so only the encoders of inflexible links need to be freed. Otherwise, a double free issue may occur when unloading the amdgpu module. [ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0 [ 279.190577] Call Trace: [ 279.190580] <TASK> [ 279.190582] ? show_regs+0x69/0x80 [ 279.190590] ? die+0x3b/0x90 [ 279.190595] ? do_trap+0xc8/0xe0 [ 279.190601] ? do_error_trap+0x73/0xa0 [ 279.190605] ? __slab_free+0x152/0x2f0 [ 279.190609] ? exc_invalid_op+0x56/0x70 [ 279.190616] ? __slab_free+0x152/0x2f0 [ 279.190642] ? asm_exc_invalid_op+0x1f/0x30 [ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191096] ? __slab_free+0x152/0x2f0 [ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191469] kfree+0x260/0x2b0 [ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191821] link_destroy+0xd7/0x130 [amdgpu] [ 279.192248] dc_destruct+0x90/0x270 [amdgpu] [ 279.192666] dc_destroy+0x19/0x40 [amdgpu] [ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu] [ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu] [ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu] [ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu] [ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu] [ 279.194632] pci_device_remove+0x3a/0xa0 [ 279.194638] device_remove+0x40/0x70 [ 279.194642] device_release_driver_internal+0x1ad/0x210 [ 279.194647] driver_detach+0x4e/0xa0 [ 279.194650] bus_remove_driver+0x6f/0xf0 [ 279.194653] driver_unregister+0x33/0x60 [ 279.194657] pci_unregister_driver+0x44/0x90 [ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu] [ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0 [ 279.194946] __x64_sys_delete_module+0x16/0x20 [ 279.194950] do_syscall_64+0x58/0x120 [ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 279.194980] </TASK>
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/20b5a8f9f4670a8503aa9fa95ca632e77c6bf55dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3c0ff4de45ce2c5f7997a1ffa6eefee4b79e6b58Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/43c296870740a3a264cdca9f18db12e12e9cfbdb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7af9e6fa63dbd43a61d4ecc8f59426596a75e507Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cf6f3ebd6312d465fee096d1f58089b177c7c67fPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/df948b5ba6858d5da34f622d408e5517057cec07
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B527B5F-BDDA-424E-932E-16FCAAB575E2",
              "versionEndExcluding": "6.6.55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021",
              "versionEndExcluding": "6.10.14",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9",
              "versionEndExcluding": "6.11.3",
              "versionStartIncluding": "6.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix double free issue during amdgpu module unload\n\nFlexible endpoints use DIGs from available inflexible endpoints,\nso only the encoders of inflexible links need to be freed.\nOtherwise, a double free issue may occur when unloading the\namdgpu module.\n\n[  279.190523] RIP: 0010:__slab_free+0x152/0x2f0\n[  279.190577] Call Trace:\n[  279.190580]  \u003cTASK\u003e\n[  279.190582]  ? show_regs+0x69/0x80\n[  279.190590]  ? die+0x3b/0x90\n[  279.190595]  ? do_trap+0xc8/0xe0\n[  279.190601]  ? do_error_trap+0x73/0xa0\n[  279.190605]  ? __slab_free+0x152/0x2f0\n[  279.190609]  ? exc_invalid_op+0x56/0x70\n[  279.190616]  ? __slab_free+0x152/0x2f0\n[  279.190642]  ? asm_exc_invalid_op+0x1f/0x30\n[  279.190648]  ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[  279.191096]  ? __slab_free+0x152/0x2f0\n[  279.191102]  ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[  279.191469]  kfree+0x260/0x2b0\n[  279.191474]  dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[  279.191821]  link_destroy+0xd7/0x130 [amdgpu]\n[  279.192248]  dc_destruct+0x90/0x270 [amdgpu]\n[  279.192666]  dc_destroy+0x19/0x40 [amdgpu]\n[  279.193020]  amdgpu_dm_fini+0x16e/0x200 [amdgpu]\n[  279.193432]  dm_hw_fini+0x26/0x40 [amdgpu]\n[  279.193795]  amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]\n[  279.194108]  amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]\n[  279.194436]  amdgpu_pci_remove+0x40/0x80 [amdgpu]\n[  279.194632]  pci_device_remove+0x3a/0xa0\n[  279.194638]  device_remove+0x40/0x70\n[  279.194642]  device_release_driver_internal+0x1ad/0x210\n[  279.194647]  driver_detach+0x4e/0xa0\n[  279.194650]  bus_remove_driver+0x6f/0xf0\n[  279.194653]  driver_unregister+0x33/0x60\n[  279.194657]  pci_unregister_driver+0x44/0x90\n[  279.194662]  amdgpu_exit+0x19/0x1f0 [amdgpu]\n[  279.194939]  __do_sys_delete_module.isra.0+0x198/0x2f0\n[  279.194946]  __x64_sys_delete_module+0x16/0x20\n[  279.194950]  do_syscall_64+0x58/0x120\n[  279.194954]  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[  279.194980]  \u003c/TASK\u003e"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: se soluciona el problema de doble liberaci\u00f3n durante la descarga del m\u00f3dulo amdgpu Los endpoints flexibles usan DIG de endpoints inflexibles disponibles, por lo que solo es necesario liberar los codificadores de enlaces inflexibles. De lo contrario, puede ocurrir un problema de doble liberaci\u00f3n al descargar el m\u00f3dulo amdgpu. [ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0 [ 279.190577] Seguimiento de llamadas: [ 279.190580]  [ 279.190582] ? show_regs+0x69/0x80 [ 279.190590] ? die+0x3b/0x90 [ 279.190595] ? do_trap+0xc8/0xe0 [279.190601]? do_error_trap+0x73/0xa0 [279.190605]? __slab_free+0x152/0x2f0 [279.190609]? exc_invalid_op+0x56/0x70 [ 279.190616] ? __slab_free+0x152/0x2f0 [ 279.190642] ? asm_exc_invalid_op+0x1f/0x30 [ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191096] ? __slab_free+0x152/0x2f0 [279.191102]? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191469] kfree+0x260/0x2b0 [ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191821] /0x130 [amdgpu] [ 279.192248] dc_destruct+0x90/0x270 [amdgpu] [ 279.192666] dc_destroy+0x19/0x40 [amdgpu] [ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu] [ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu] [ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu] [ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu] [ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu] [ 279.194632] pci_device_remove+0x3a/0xa0 [ 279.194638] device_remove+0x40/0x70 [ 279.194642] device_release_driver_internal+0x1ad/0x210 [ 279.194647] driver_detach+0x4e/0xa0 [ 279.194650] bus_remove_driver+0x6f/0xf0 [ 279.194653] driver_unregister+0x33/0x60 [ 279.194657] ister_driver+0x44/0x90 [ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu] [ 279.194939 ] __do_sys_delete_module.isra.0+0x198/0x2f0 [ 279.194946] __x64_sys_delete_module+0x16/0x20 [ 279.194950] do_syscall_64+0x58/0x120 [ 279.194954] Entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 279.194980] "
    }
  ],
  "id": "CVE-2024-49989",
  "lastModified": "2025-11-03T20:16:34.673",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-21T18:15:19.207",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3c0ff4de45ce2c5f7997a1ffa6eefee4b79e6b58"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/43c296870740a3a264cdca9f18db12e12e9cfbdb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/7af9e6fa63dbd43a61d4ecc8f59426596a75e507"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cf6f3ebd6312d465fee096d1f58089b177c7c67f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/df948b5ba6858d5da34f622d408e5517057cec07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.