CVE-2024-35817: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
First published: Fri May 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgpu_ttm_backend_unbind will not clear the gart page table entry and leave valid mapping entry pointing to the stale system page. Then if GPU access the gart address mistakely, it will read undefined value instead page fault, harder to debug and reproduce the real issue.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <5.15.154 | 5.15.154 |
| redhat/kernel | <6.1.84 | 6.1.84 |
| redhat/kernel | <6.6.24 | 6.6.24 |
| redhat/kernel | <6.7.12 | 6.7.12 |
| redhat/kernel | <6.8.3 | 6.8.3 |
| redhat/kernel | <6.9 | 6.9 |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe
- https://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d
- https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb
- https://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3
- https://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3
- https://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6
- https://launchpad.net/bugs/cve/CVE-2024-35817
- https://access.redhat.com/security/cve/CVE-2024-35817
- https://lore.kernel.org/linux-cve-announce/2024051743-CVE-2024-35817-d29b@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2281203
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2281202
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35817
- https://nvd.nist.gov/vuln/detail/CVE-2024-35817
- https://security-tracker.debian.org/tracker/CVE-2024-35817
- https://ubuntu.com/security/CVE-2024-35817
- https://git.kernel.org/linus/6c6064cbe58b43533e3451ad6a8ba9736c109ac3
Frequently Asked Questions
What is the severity of CVE-2024-35817?
CVE-2024-35817 is a critical vulnerability in the Linux kernel affecting the amdgpu driver, which could lead to system instability or unauthorized access.
How do I fix CVE-2024-35817?
To fix CVE-2024-35817, upgrade to the latest kernel versions 5.15.154, 6.1.84, 6.6.24, 6.7.12, 6.8.3, or 6.9 for Red Hat and versions 6.1.123-1, 6.1.119-1, 6.12.10-1, or 6.12.11-1 for Debian.
Which software versions are affected by CVE-2024-35817?
CVE-2024-35817 affects older versions of the Linux kernel including certain versions prior to 5.15.154 and those in the 6.x series up to 6.9.
What component of the Linux kernel does CVE-2024-35817 impact?
CVE-2024-35817 impacts the amdgpu driver in the Linux kernel, specifically affecting GTT and GART memory management.
Is there a known exploit for CVE-2024-35817?
As of now, there are no publicly disclosed exploits for CVE-2024-35817, but it is advised to patch systems to mitigate potential risks.
- agent/title
- agent/type
- collector/nvd-api
- source/NVD
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-35817
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/event
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/severity
- agent/last-modified-date
- agent/references
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- package-manager/debian