CVE-2024-46896NULL Pointer Dereference in Linux

CWE-476NULL Pointer DereferenceCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 99.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJan 11

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing job->base.sched can produce unexpected results as the initialisation of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the memset. This commit fixes an issue when a CS would fail validation and would be rejected after job->num_ibs is incremented. In this case, amdgpu_ib_free(ring->adev, ...)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel6.1.1206.1.122+3
Debianlinux/linux_kernel< 6.1.123-1+2
CVEListV5linux/linux166df51487f46b6e997dfeea7ca0c2a970853f0765501a4fd84ecdc0af863dbb37759242aab9f2dd+6
debiandebian/linux< linux 6.1.123-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.123-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-vjgg-3f8r-g7rm: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 ("drm/sched: memset()2025-01-11
OSV
CVE-2024-46896: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 ("drm/sched: memset() 'j2025-01-11

📋Vendor Advisories

2
Red Hat
kernel: drm/amdgpu: don't access invalid sched2025-01-11
Debian
CVE-2024-46896: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu:...2024