Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-56542

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/12/2024
Last modified:
14/01/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: fix a memleak issue when driver is removed<br /> <br /> Running "modprobe amdgpu" the second time (followed by a modprobe -r<br /> amdgpu) causes a call trace like:<br /> <br /> [ 845.212163] Memory manager not clean during takedown.<br /> [ 845.212170] WARNING: CPU: 4 PID: 2481 at drivers/gpu/drm/drm_mm.c:999 drm_mm_takedown+0x2b/0x40<br /> [ 845.212177] Modules linked in: amdgpu(OE-) amddrm_ttm_helper(OE) amddrm_buddy(OE) amdxcp(OE) amd_sched(OE) drm_exec drm_suballoc_helper drm_display_helper i2c_algo_bit amdttm(OE) amdkcl(OE) cec rc_core sunrpc qrtr intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi edac_mce_amd snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_usb_audio snd_hda_codec snd_usbmidi_lib kvm_amd snd_hda_core snd_ump mc snd_hwdep kvm snd_pcm snd_seq_midi snd_seq_midi_event irqbypass crct10dif_pclmul snd_rawmidi polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 snd_seq aesni_intel crypto_simd snd_seq_device cryptd snd_timer mfd_aaeon asus_nb_wmi eeepc_wmi joydev asus_wmi snd ledtrig_audio sparse_keymap ccp wmi_bmof input_leds k10temp i2c_piix4 platform_profile rapl soundcore gpio_amdpt mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid hid ahci xhci_pci igc crc32_pclmul libahci xhci_pci_renesas video<br /> [ 845.212284] wmi [last unloaded: amddrm_ttm_helper(OE)]<br /> [ 845.212290] CPU: 4 PID: 2481 Comm: modprobe Tainted: G W OE 6.8.0-31-generic #31-Ubuntu<br /> [ 845.212296] RIP: 0010:drm_mm_takedown+0x2b/0x40<br /> [ 845.212300] Code: 1f 44 00 00 48 8b 47 38 48 83 c7 38 48 39 f8 75 09 31 c0 31 ff e9 90 2e 86 00 55 48 c7 c7 d0 f6 8e 8a 48 89 e5 e8 f5 db 45 ff 0b 5d 31 c0 31 ff e9 74 2e 86 00 66 0f 1f 84 00 00 00 00 00 90<br /> [ 845.212302] RSP: 0018:ffffb11302127ae0 EFLAGS: 00010246<br /> [ 845.212305] RAX: 0000000000000000 RBX: ffff92aa5020fc08 RCX: 0000000000000000<br /> [ 845.212307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000<br /> [ 845.212309] RBP: ffffb11302127ae0 R08: 0000000000000000 R09: 0000000000000000<br /> [ 845.212310] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004<br /> [ 845.212312] R13: ffff92aa50200000 R14: ffff92aa5020fb10 R15: ffff92aa5020faa0<br /> [ 845.212313] FS: 0000707dd7c7c080(0000) GS:ffff92b93de00000(0000) knlGS:0000000000000000<br /> [ 845.212316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 845.212318] CR2: 00007d48b0aee200 CR3: 0000000115a58000 CR4: 0000000000f50ef0<br /> [ 845.212320] PKRU: 55555554<br /> [ 845.212321] Call Trace:<br /> [ 845.212323] <br /> [ 845.212328] ? show_regs+0x6d/0x80<br /> [ 845.212333] ? __warn+0x89/0x160<br /> [ 845.212339] ? drm_mm_takedown+0x2b/0x40<br /> [ 845.212344] ? report_bug+0x17e/0x1b0<br /> [ 845.212350] ? handle_bug+0x51/0xa0<br /> [ 845.212355] ? exc_invalid_op+0x18/0x80<br /> [ 845.212359] ? asm_exc_invalid_op+0x1b/0x20<br /> [ 845.212366] ? drm_mm_takedown+0x2b/0x40<br /> [ 845.212371] amdgpu_gtt_mgr_fini+0xa9/0x130 [amdgpu]<br /> [ 845.212645] amdgpu_ttm_fini+0x264/0x340 [amdgpu]<br /> [ 845.212770] amdgpu_bo_fini+0x2e/0xc0 [amdgpu]<br /> [ 845.212894] gmc_v12_0_sw_fini+0x2a/0x40 [amdgpu]<br /> [ 845.213036] amdgpu_device_fini_sw+0x11a/0x590 [amdgpu]<br /> [ 845.213159] amdgpu_driver_release_kms+0x16/0x40 [amdgpu]<br /> [ 845.213302] devm_drm_dev_init_release+0x5e/0x90<br /> [ 845.213305] devm_action_release+0x12/0x30<br /> [ 845.213308] release_nodes+0x42/0xd0<br /> [ 845.213311] devres_release_all+0x97/0xe0<br /> [ 845.213314] device_unbind_cleanup+0x12/0x80<br /> [ 845.213317] device_release_driver_internal+0x230/0x270<br /> [ 845.213319] ? srso_alias_return_thunk+0x5/0xfbef5<br /> <br /> This is caused by lost memory during early init phase. First time driver<br /> is removed, memory is freed but when second time the driver is inserted,<br /> VBIOS dmub is not active, since the PSP policy is to retain the driver<br /> loaded version on subsequent warm boots. Hence, communication with VBIOS<br /> DMUB fails.<br /> <br /> Fix this by aborting further comm<br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.11.2 (including) 6.11.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.12 (including) 6.12.2 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools