SB2024042979 - Denial of service in Linux kernel amdgpu driver
Published: April 29, 2024
Security Bulletin ID
SB2024042979
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2024-26922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75
- https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2
- https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284
- https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee
- https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e46bdbaa