Main Vulnerability Database SB2024021911

SB2024021911 - Privilege escalation in Linux kernel AMD GPU driver

Published: February 19, 2024

Security Bulletin ID SB2024021911

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2023-51042)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_cs_wait_all_fences() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12
https://github.com/torvalds/linux/commit/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628