CVE-2024-26833
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/04/2024
Last modified:
07/01/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
drm/amd/display: Fix memory leak in dm_sw_fini()<br />
<br />
After destroying dmub_srv, the memory associated with it is<br />
not freed, causing a memory leak:<br />
<br />
unreferenced object 0xffff896302b45800 (size 1024):<br />
comm "(udev-worker)", pid 222, jiffies 4294894636<br />
hex dump (first 32 bytes):<br />
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br />
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br />
backtrace (crc 6265fd77):<br />
[] kmalloc_trace+0x29d/0x340<br />
[] dm_dmub_sw_init+0xb4/0x450 [amdgpu]<br />
[] dm_sw_init+0x15/0x2b0 [amdgpu]<br />
[] amdgpu_device_init+0x1417/0x24e0 [amdgpu]<br />
[] amdgpu_driver_load_kms+0x15/0x190 [amdgpu]<br />
[] amdgpu_pci_probe+0x187/0x4e0 [amdgpu]<br />
[] local_pci_probe+0x3e/0x90<br />
[] pci_device_probe+0xc3/0x230<br />
[] really_probe+0xe2/0x480<br />
[] __driver_probe_device+0x78/0x160<br />
[] driver_probe_device+0x1f/0x90<br />
[] __driver_attach+0xce/0x1c0<br />
[] bus_for_each_dev+0x70/0xc0<br />
[] bus_add_driver+0x112/0x210<br />
[] driver_register+0x55/0x100<br />
[] do_one_initcall+0x41/0x300<br />
<br />
Fix this by freeing dmub_srv after destroying it.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.6 (including) | 5.10.211 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.150 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.80 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.7.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2
- https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e
- https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b
- https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30
- https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857
- https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3
- https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2
- https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e
- https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b
- https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30
- https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857
- https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html