ghsa-jmxw-f4w9-294j
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: fix double free issue during amdgpu module unload
Flexible endpoints use DIGs from available inflexible endpoints, so only the encoders of inflexible links need to be freed. Otherwise, a double free issue may occur when unloading the amdgpu module.
[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0 [ 279.190577] Call Trace: [ 279.190580] [ 279.190582] ? show_regs+0x69/0x80 [ 279.190590] ? die+0x3b/0x90 [ 279.190595] ? do_trap+0xc8/0xe0 [ 279.190601] ? do_error_trap+0x73/0xa0 [ 279.190605] ? __slab_free+0x152/0x2f0 [ 279.190609] ? exc_invalid_op+0x56/0x70 [ 279.190616] ? __slab_free+0x152/0x2f0 [ 279.190642] ? asm_exc_invalid_op+0x1f/0x30 [ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191096] ? __slab_free+0x152/0x2f0 [ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191469] kfree+0x260/0x2b0 [ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191821] link_destroy+0xd7/0x130 [amdgpu] [ 279.192248] dc_destruct+0x90/0x270 [amdgpu] [ 279.192666] dc_destroy+0x19/0x40 [amdgpu] [ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu] [ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu] [ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu] [ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu] [ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu] [ 279.194632] pci_device_remove+0x3a/0xa0 [ 279.194638] device_remove+0x40/0x70 [ 279.194642] device_release_driver_internal+0x1ad/0x210 [ 279.194647] driver_detach+0x4e/0xa0 [ 279.194650] bus_remove_driver+0x6f/0xf0 [ 279.194653] driver_unregister+0x33/0x60 [ 279.194657] pci_unregister_driver+0x44/0x90 [ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu] [ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0 [ 279.194946] __x64_sys_delete_module+0x16/0x20 [ 279.194950] do_syscall_64+0x58/0x120 [ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 279.194980]
{ affected: [], aliases: [ "CVE-2024-49989", ], database_specific: { cwe_ids: [ "CWE-415", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2024-10-21T18:15:19Z", severity: "HIGH", }, details: "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix double free issue during amdgpu module unload\n\nFlexible endpoints use DIGs from available inflexible endpoints,\nso only the encoders of inflexible links need to be freed.\nOtherwise, a double free issue may occur when unloading the\namdgpu module.\n\n[ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0\n[ 279.190577] Call Trace:\n[ 279.190580] <TASK>\n[ 279.190582] ? show_regs+0x69/0x80\n[ 279.190590] ? die+0x3b/0x90\n[ 279.190595] ? do_trap+0xc8/0xe0\n[ 279.190601] ? do_error_trap+0x73/0xa0\n[ 279.190605] ? __slab_free+0x152/0x2f0\n[ 279.190609] ? exc_invalid_op+0x56/0x70\n[ 279.190616] ? __slab_free+0x152/0x2f0\n[ 279.190642] ? asm_exc_invalid_op+0x1f/0x30\n[ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191096] ? __slab_free+0x152/0x2f0\n[ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191469] kfree+0x260/0x2b0\n[ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[ 279.191821] link_destroy+0xd7/0x130 [amdgpu]\n[ 279.192248] dc_destruct+0x90/0x270 [amdgpu]\n[ 279.192666] dc_destroy+0x19/0x40 [amdgpu]\n[ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu]\n[ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu]\n[ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]\n[ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]\n[ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu]\n[ 279.194632] pci_device_remove+0x3a/0xa0\n[ 279.194638] device_remove+0x40/0x70\n[ 279.194642] device_release_driver_internal+0x1ad/0x210\n[ 279.194647] driver_detach+0x4e/0xa0\n[ 279.194650] bus_remove_driver+0x6f/0xf0\n[ 279.194653] driver_unregister+0x33/0x60\n[ 279.194657] pci_unregister_driver+0x44/0x90\n[ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu]\n[ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0\n[ 279.194946] __x64_sys_delete_module+0x16/0x20\n[ 279.194950] do_syscall_64+0x58/0x120\n[ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 279.194980] </TASK>", id: "GHSA-jmxw-f4w9-294j", modified: "2025-02-21T15:31:58Z", published: "2024-10-21T18:30:59Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-49989", }, { type: "WEB", url: "https://git.kernel.org/stable/c/20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d", }, { type: "WEB", url: "https://git.kernel.org/stable/c/3c0ff4de45ce2c5f7997a1ffa6eefee4b79e6b58", }, { type: "WEB", url: "https://git.kernel.org/stable/c/7af9e6fa63dbd43a61d4ecc8f59426596a75e507", }, { type: "WEB", url: "https://git.kernel.org/stable/c/cf6f3ebd6312d465fee096d1f58089b177c7c67f", }, { type: "WEB", url: "https://git.kernel.org/stable/c/df948b5ba6858d5da34f622d408e5517057cec07", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.