CVE-2024-46896

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: don&amp;#39;t access invalid sched<br /> <br /> Since 2320c9e6a768 ("drm/sched: memset() &amp;#39;job&amp;#39; in drm_sched_job_init()")<br /> accessing job-&gt;base.sched can produce unexpected results as the initialisation<br /> of (*job)-&gt;base.sched done in amdgpu_job_alloc is overwritten by the<br /> memset.<br /> <br /> This commit fixes an issue when a CS would fail validation and would<br /> be rejected after job-&gt;num_ibs is incremented. In this case,<br /> amdgpu_ib_free(ring-&gt;adev, ...) will be called, which would crash the<br /> machine because the ring value is bogus.<br /> <br /> To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this<br /> because the device is actually not used in this function.<br /> <br /> The next commit will remove the ring argument completely.<br /> <br /> (cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7)