CVE-2024-35817: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
First published: Fri May 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgpu_ttm_backend_unbind will not clear the gart page table entry and leave valid mapping entry pointing to the stale system page. Then if GPU access the gart address mistakely, it will read undefined value instead page fault, harder to debug and reproduce the real issue.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | <=5.10.218-1<=5.10.221-1 | 6.1.94-1 6.1.99-1 6.9.10-1 6.9.12-1 |
| ubuntu/linux | <5.15.0-116.126 | 5.15.0-116.126 |
| ubuntu/linux | <6.8.0-35.35 | 6.8.0-35.35 |
| ubuntu/linux | <6.9~ | 6.9~ |
| ubuntu/linux-aws | <5.15.0-1065.71 | 5.15.0-1065.71 |
| ubuntu/linux-aws | <6.8.0-1009.9 | 6.8.0-1009.9 |
| ubuntu/linux-aws | <6.9~ | 6.9~ |
| ubuntu/linux-aws-5.15 | <5.15.0-1065.71~20.04.1 | 5.15.0-1065.71~20.04.1 |
| ubuntu/linux-aws-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-aws-5.4 | <6.9~ | 6.9~ |
| ubuntu/linux-aws-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-aws-fips | <6.9~ | 6.9~ |
| ubuntu/linux-aws-hwe | <6.9~ | 6.9~ |
| ubuntu/linux-azure | <5.15.0-1068.77 | 5.15.0-1068.77 |
| ubuntu/linux-azure | <6.8.0-1008.8 | 6.8.0-1008.8 |
| ubuntu/linux-azure | <6.9~ | 6.9~ |
| ubuntu/linux-azure-4.15 | <6.9~ | 6.9~ |
| ubuntu/linux-azure-5.15 | <5.15.0-1068.77~20.04.1 | 5.15.0-1068.77~20.04.1 |
| ubuntu/linux-azure-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-azure-5.4 | <6.9~ | 6.9~ |
| ubuntu/linux-azure-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-azure-fde | <5.15.0-1068.77.1 | 5.15.0-1068.77.1 |
| ubuntu/linux-azure-fde | <6.9~ | 6.9~ |
| ubuntu/linux-azure-fde-5.15 | <5.15.0-1068.77~20.04.1.1 | 5.15.0-1068.77~20.04.1.1 |
| ubuntu/linux-azure-fde-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-azure-fips | <6.9~ | 6.9~ |
| ubuntu/linux-bluefield | <6.9~ | 6.9~ |
| ubuntu/linux-fips | <6.9~ | 6.9~ |
| ubuntu/linux-gcp | <5.15.0-1064.72 | 5.15.0-1064.72 |
| ubuntu/linux-gcp | <6.8.0-1008.9 | 6.8.0-1008.9 |
| ubuntu/linux-gcp | <6.9~ | 6.9~ |
| ubuntu/linux-gcp-4.15 | <6.9~ | 6.9~ |
| ubuntu/linux-gcp-5.15 | <5.15.0-1065.73~20.04.1 | 5.15.0-1065.73~20.04.1 |
| ubuntu/linux-gcp-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-gcp-5.4 | <6.9~ | 6.9~ |
| ubuntu/linux-gcp-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-gcp-fips | <6.9~ | 6.9~ |
| ubuntu/linux-gke | <5.15.0-1062.68 | 5.15.0-1062.68 |
| ubuntu/linux-gke | <6.8.0-1004.7 | 6.8.0-1004.7 |
| ubuntu/linux-gke | <6.9~ | 6.9~ |
| ubuntu/linux-gkeop | <5.15.0-1048.55 | 5.15.0-1048.55 |
| ubuntu/linux-gkeop | <6.9~ | 6.9~ |
| ubuntu/linux-gkeop-5.15 | <5.15.0-1048.55~20.04.1 | 5.15.0-1048.55~20.04.1 |
| ubuntu/linux-gkeop-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-hwe | <6.9~ | 6.9~ |
| ubuntu/linux-hwe-5.15 | <5.15.0-116.126~20.04.1 | 5.15.0-116.126~20.04.1 |
| ubuntu/linux-hwe-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-hwe-5.4 | <6.9~ | 6.9~ |
| ubuntu/linux-hwe-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-ibm | <5.15.0-1058.61 | 5.15.0-1058.61 |
| ubuntu/linux-ibm | <6.8.0-1006.6 | 6.8.0-1006.6 |
| ubuntu/linux-ibm | <6.9~ | 6.9~ |
| ubuntu/linux-ibm-5.15 | <5.15.0-1058.61~20.04.1 | 5.15.0-1058.61~20.04.1 |
| ubuntu/linux-ibm-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-ibm-5.4 | <6.9~ | 6.9~ |
| ubuntu/linux-intel | <6.9~ | 6.9~ |
| ubuntu/linux-intel-iotg | <5.15.0-1060.66 | 5.15.0-1060.66 |
| ubuntu/linux-intel-iotg | <6.9~ | 6.9~ |
| ubuntu/linux-intel-iotg-5.15 | <5.15.0-1060.66~20.04.1 | 5.15.0-1060.66~20.04.1 |
| ubuntu/linux-intel-iotg-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-iot | <6.9~ | 6.9~ |
| ubuntu/linux-kvm | <5.15.0-1062.67 | 5.15.0-1062.67 |
| ubuntu/linux-kvm | <6.9~ | 6.9~ |
| ubuntu/linux-laptop | <6.9~ | 6.9~ |
| ubuntu/linux-lowlatency | <5.15.0-116.126 | 5.15.0-116.126 |
| ubuntu/linux-lowlatency | <6.8.0-35.35.1 | 6.8.0-35.35.1 |
| ubuntu/linux-lowlatency | <6.9~ | 6.9~ |
| ubuntu/linux-lowlatency-hwe-5.15 | <5.15.0-116.126~20.04.1 | 5.15.0-116.126~20.04.1 |
| ubuntu/linux-lowlatency-hwe-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-lowlatency-hwe-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-lts-xenial | <6.9~ | 6.9~ |
| ubuntu/linux-nvidia | <5.15.0-1060.61 | 5.15.0-1060.61 |
| ubuntu/linux-nvidia | <6.9~ | 6.9~ |
| ubuntu/linux-nvidia-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-oem-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-oem-6.8 | <6.8.0-1006.6 | 6.8.0-1006.6 |
| ubuntu/linux-oem-6.8 | <6.9~ | 6.9~ |
| ubuntu/linux-oracle | <5.15.0-1063.69 | 5.15.0-1063.69 |
| ubuntu/linux-oracle | <6.8.0-1006.6 | 6.8.0-1006.6 |
| ubuntu/linux-oracle | <6.9~ | 6.9~ |
| ubuntu/linux-oracle-5.15 | <5.15.0-1063.69~20.04.1 | 5.15.0-1063.69~20.04.1 |
| ubuntu/linux-oracle-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-oracle-5.4 | <6.9~ | 6.9~ |
| ubuntu/linux-oracle-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-raspi | <5.15.0-1058.61 | 5.15.0-1058.61 |
| ubuntu/linux-raspi | <6.8.0-1005.5 | 6.8.0-1005.5 |
| ubuntu/linux-raspi | <6.9~ | 6.9~ |
| ubuntu/linux-raspi-5.4 | <6.9~ | 6.9~ |
| ubuntu/linux-riscv | <6.8.0-35.35.1 | 6.8.0-35.35.1 |
| ubuntu/linux-riscv | <6.9~ | 6.9~ |
| ubuntu/linux-riscv-5.15 | <5.15.0-1061.65~20.04.1 | 5.15.0-1061.65~20.04.1 |
| ubuntu/linux-riscv-5.15 | <6.9~ | 6.9~ |
| ubuntu/linux-riscv-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-starfive | <6.9~ | 6.9~ |
| ubuntu/linux-starfive-6.5 | <6.9~ | 6.9~ |
| ubuntu/linux-xilinx-zynqmp | <6.9~ | 6.9~ |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/589c414138a1bed98e652c905937d8f790804efe
- https://git.kernel.org/stable/c/5cdce3dda3b3dacde902f63a8ee72c2b7f91912d
- https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb
- https://git.kernel.org/stable/c/6c6064cbe58b43533e3451ad6a8ba9736c109ac3
- https://git.kernel.org/stable/c/6fcd12cb90888ef2d8af8d4c04e913252eee4ef3
- https://git.kernel.org/stable/c/e8d27caef2c829a306e1f762fb95f06e8ec676f6
- https://launchpad.net/bugs/cve/CVE-2024-35817
- https://git.kernel.org/linus/6c6064cbe58b43533e3451ad6a8ba9736c109ac3
- https://security-tracker.debian.org/tracker/CVE-2024-35817
- https://www.cve.org/CVERecord?id=CVE-2024-35817
- https://git.kernel.org/linus/6c6064cbe58b43533e3451ad6a8ba9736c109ac3 (6.9-rc1)
- https://ubuntu.com/security/notices/USN-6816-1
- https://ubuntu.com/security/notices/USN-6817-1
- https://ubuntu.com/security/notices/USN-6817-2
- https://ubuntu.com/security/notices/USN-6817-3
- https://ubuntu.com/security/notices/USN-6878-1
- https://ubuntu.com/security/notices/USN-6898-1
- https://ubuntu.com/security/notices/USN-6898-2
- https://ubuntu.com/security/notices/USN-6898-3
- https://nvd.nist.gov/vuln/detail/CVE-2024-35817
- https://git.kernel.org/linus/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
- https://ubuntu.com/security/CVE-2024-35817
Parent vulnerabilities
(Appears in the following advisories)
- agent/title
- agent/severity
- agent/type
- collector/nvd-api
- source/NVD
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-cve
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- package-manager/debian
- package-manager/ubuntu