Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-vulnerable / . / cve / published / 2024 / CVE-2024-46896.json
blob: 4de69fffaa48de2e9f16f522eb237761944b5e71 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: don't access invalid sched\n\nSince 2320c9e6a768 (\"drm/sched: memset() 'job' in drm_sched_job_init()\")\naccessing job->base.sched can produce unexpected results as the initialisation\nof (*job)->base.sched done in amdgpu_job_alloc is overwritten by the\nmemset.\n\nThis commit fixes an issue when a CS would fail validation and would\nbe rejected after job->num_ibs is incremented. In this case,\namdgpu_ib_free(ring->adev, ...) will be called, which would crash the\nmachine because the ring value is bogus.\n\nTo fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this\nbecause the device is actually not used in this function.\n\nThe next commit will remove the ring argument completely.\n\n(cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7)"
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"
],
"versions": [
{
"version": "166df51487f46b6e997dfeea7ca0c2a970853f07",
"lessThan": "65501a4fd84ecdc0af863dbb37759242aab9f2dd",
"status": "affected",
"versionType": "git"
},
{
"version": "87210234e5a273ebf9c4110a6aa82b8221478daa",
"lessThan": "da6b2c626ae73c303378ce9eaf6e3eaf16c9925a",
"status": "affected",
"versionType": "git"
},
{
"version": "2da108b4b5fb7ec04d7e951418ed80e97f7c35ad",
"lessThan": "67291d601f2b032062b1b2f60ffef1b63e10094c",
"status": "affected",
"versionType": "git"
},
{
"version": "2320c9e6a768d135c7b0039995182bb1a4e4fd22",
"lessThan": "a93b1020eb9386d7da11608477121b10079c076a",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"
],
"versions": [
{
"version": "6.1.120",
"lessThan": "6.1.122",
"status": "affected",
"versionType": "semver"
},
{
"version": "6.6.66",
"lessThan": "6.6.68",
"status": "affected",
"versionType": "semver"
},
{
"version": "6.12.5",
"lessThan": "6.12.7",
"status": "affected",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.120",
"versionEndExcluding": "6.1.122"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.66",
"versionEndExcluding": "6.6.68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.12.5",
"versionEndExcluding": "6.12.7"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/65501a4fd84ecdc0af863dbb37759242aab9f2dd"
},
{
"url": "https://git.kernel.org/stable/c/da6b2c626ae73c303378ce9eaf6e3eaf16c9925a"
},
{
"url": "https://git.kernel.org/stable/c/67291d601f2b032062b1b2f60ffef1b63e10094c"
},
{
"url": "https://git.kernel.org/stable/c/a93b1020eb9386d7da11608477121b10079c076a"
}
],
"title": "drm/amdgpu: don't access invalid sched",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-46896",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}