Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-49989

Severity CVSS v4.0:
Pending analysis
Type:
CWE-415 Double Free
Publication date:
21/10/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: fix double free issue during amdgpu module unload<br /> <br /> Flexible endpoints use DIGs from available inflexible endpoints,<br /> so only the encoders of inflexible links need to be freed.<br /> Otherwise, a double free issue may occur when unloading the<br /> amdgpu module.<br /> <br /> [ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0<br /> [ 279.190577] Call Trace:<br /> [ 279.190580] <br /> [ 279.190582] ? show_regs+0x69/0x80<br /> [ 279.190590] ? die+0x3b/0x90<br /> [ 279.190595] ? do_trap+0xc8/0xe0<br /> [ 279.190601] ? do_error_trap+0x73/0xa0<br /> [ 279.190605] ? __slab_free+0x152/0x2f0<br /> [ 279.190609] ? exc_invalid_op+0x56/0x70<br /> [ 279.190616] ? __slab_free+0x152/0x2f0<br /> [ 279.190642] ? asm_exc_invalid_op+0x1f/0x30<br /> [ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]<br /> [ 279.191096] ? __slab_free+0x152/0x2f0<br /> [ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]<br /> [ 279.191469] kfree+0x260/0x2b0<br /> [ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]<br /> [ 279.191821] link_destroy+0xd7/0x130 [amdgpu]<br /> [ 279.192248] dc_destruct+0x90/0x270 [amdgpu]<br /> [ 279.192666] dc_destroy+0x19/0x40 [amdgpu]<br /> [ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu]<br /> [ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu]<br /> [ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]<br /> [ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]<br /> [ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu]<br /> [ 279.194632] pci_device_remove+0x3a/0xa0<br /> [ 279.194638] device_remove+0x40/0x70<br /> [ 279.194642] device_release_driver_internal+0x1ad/0x210<br /> [ 279.194647] driver_detach+0x4e/0xa0<br /> [ 279.194650] bus_remove_driver+0x6f/0xf0<br /> [ 279.194653] driver_unregister+0x33/0x60<br /> [ 279.194657] pci_unregister_driver+0x44/0x90<br /> [ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu]<br /> [ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0<br /> [ 279.194946] __x64_sys_delete_module+0x16/0x20<br /> [ 279.194950] do_syscall_64+0x58/0x120<br /> [ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76<br /> [ 279.194980]

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.80
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6.55 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.11 (including) 6.11.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools