CVE-2024-41011Incorrect Calculation in Linux

CWE-682Incorrect CalculationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer37 documents7 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1OSV6.5OSV5.5
EPSS
0.0%
top 94.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
LinuxLinux KernelDebian Linux+4 more
Timeline
PublishedJul 18
Latest updateJan 9

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

NVDlinux/linux_kernel5.35.4.283+5
Debianlinux/linux_kernel< 5.10.226-1+3
Ubuntulinux/linux_kernel< 5.4.0-200.220+2
CVEListV5linux/linuxd8e408a82704c86ba87c3d58cfe69dcdb758aa07009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884+7
debiandebian/linux< linux 6.1.94-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

18
OSV
linux-azure-5.15 vulnerabilities2025-01-09
OSV
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities2024-12-09
OSV
linux-azure vulnerabilities2024-11-20
OSV
linux-iot vulnerabilities2024-11-19
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities2024-11-14

📋Vendor Advisories

18
Ubuntu
Linux kernel (Azure) vulnerabilities2025-01-09
Ubuntu
Linux kernel (Intel IoTG) vulnerabilities2024-12-09
Ubuntu
Linux kernel (Azure) vulnerabilities2024-11-20
Ubuntu
Linux kernel (IoT) vulnerabilities2024-11-19
Ubuntu
Linux kernel vulnerabilities2024-11-14