Risk | Low |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2024-26656 CVE-2024-27400 CVE-2024-26657 CVE-2023-52921 CVE-2024-41008 |
CWE-ID | CWE-416 CWE-399 CWE-476 CWE-388 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
ThinkSystem SR685a V3 (Hardware solutions / Firmware)
ThinkStation P358 Workstation (Hardware solutions / Firmware)
ThinkStation P620 Workstation (Hardware solutions / Firmware)
ThinkSystem SR675 V3 (Hardware solutions / Firmware)
ThinkSystem SR665 V3 (Hardware solutions / Firmware)
ThinkSystem SR655 V3 (Hardware solutions / Firmware)
ThinkSystem SR860 V3 (Hardware solutions / Firmware)
ThinkSystem SR850 V3 (Hardware solutions / Firmware)
ThinkSystem SR670 V2 (Hardware solutions / Firmware)
ThinkSystem SR650 V3 (Hardware solutions / Firmware)
ThinkSystem SR650 V2 (Hardware solutions / Firmware)
ThinkStation P920 Workstation (Hardware solutions / Firmware)
ThinkStation P720 Workstation (Hardware solutions / Firmware)
ThinkStation P520c Workstation (Hardware solutions / Firmware)
ThinkStation P520 Workstation (Hardware solutions / Firmware)
ThinkStation P350 Workstation (Hardware solutions / Firmware)
ThinkStation P340 Workstation (Hardware solutions / Firmware)
ThinkSystem SR665 (Hardware solutions / Firmware)
ThinkSystem SR655 (Hardware solutions / Firmware)
AMD Graphics Processing Unit (GPU) Adapter Linux Driver (Hardware solutions / Drivers)
AMD Graphics Driver for Linux® (Hardware solutions / Drivers) |
Vendor | Lenovo |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU88145
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26656
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASIC with an invalid address and size and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
ThinkSystem SR685a V3: All versions
ThinkStation P358 Workstation: All versions
ThinkStation P620 Workstation: All versions
ThinkSystem SR675 V3: All versions
ThinkSystem SR665 V3: All versions
ThinkSystem SR655 V3: All versions
ThinkSystem SR860 V3: All versions
ThinkSystem SR850 V3: All versions
ThinkSystem SR670 V2: All versions
ThinkSystem SR650 V3: All versions
ThinkSystem SR650 V2: All versions
ThinkStation P920 Workstation: All versions
ThinkStation P720 Workstation: All versions
ThinkStation P520c Workstation: All versions
ThinkStation P520 Workstation: All versions
ThinkStation P350 Workstation: All versions
ThinkStation P340 Workstation: All versions
ThinkSystem SR665: All versions
ThinkSystem SR655: All versions
AMD Graphics Processing Unit (GPU) Adapter Linux Driver: before ROCM 6.2.0
AMD Graphics Driver for Linux®: before 24.30.2
https://support.lenovo.com/us/en/product_security/LEN-191494
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89674
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27400
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in the amdgpu driver. A local user can crash the OS kernel.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
ThinkSystem SR685a V3: All versions
ThinkStation P358 Workstation: All versions
ThinkStation P620 Workstation: All versions
ThinkSystem SR675 V3: All versions
ThinkSystem SR665 V3: All versions
ThinkSystem SR655 V3: All versions
ThinkSystem SR860 V3: All versions
ThinkSystem SR850 V3: All versions
ThinkSystem SR670 V2: All versions
ThinkSystem SR650 V3: All versions
ThinkSystem SR650 V2: All versions
ThinkStation P920 Workstation: All versions
ThinkStation P720 Workstation: All versions
ThinkStation P520c Workstation: All versions
ThinkStation P520 Workstation: All versions
ThinkStation P350 Workstation: All versions
ThinkStation P340 Workstation: All versions
ThinkSystem SR665: All versions
ThinkSystem SR655: All versions
AMD Graphics Processing Unit (GPU) Adapter Linux Driver: before ROCM 6.2.0
AMD Graphics Driver for Linux®: before 24.30.2
https://support.lenovo.com/us/en/product_security/LEN-191494
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88146
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26657
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/gpu/drm/scheduler/sched_entity.c. A local user can send an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASIC with a valid context and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
ThinkSystem SR685a V3: All versions
ThinkStation P358 Workstation: All versions
ThinkStation P620 Workstation: All versions
ThinkSystem SR675 V3: All versions
ThinkSystem SR665 V3: All versions
ThinkSystem SR655 V3: All versions
ThinkSystem SR860 V3: All versions
ThinkSystem SR850 V3: All versions
ThinkSystem SR670 V2: All versions
ThinkSystem SR650 V3: All versions
ThinkSystem SR650 V2: All versions
ThinkStation P920 Workstation: All versions
ThinkStation P720 Workstation: All versions
ThinkStation P520c Workstation: All versions
ThinkStation P520 Workstation: All versions
ThinkStation P350 Workstation: All versions
ThinkStation P340 Workstation: All versions
ThinkSystem SR665: All versions
ThinkSystem SR655: All versions
AMD Graphics Processing Unit (GPU) Adapter Linux Driver: before ROCM 6.2.0
AMD Graphics Driver for Linux®: before 24.30.2
https://support.lenovo.com/us/en/product_security/LEN-191494
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100617
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52921
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_cs_pass1() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
ThinkSystem SR685a V3: All versions
ThinkStation P358 Workstation: All versions
ThinkStation P620 Workstation: All versions
ThinkSystem SR675 V3: All versions
ThinkSystem SR665 V3: All versions
ThinkSystem SR655 V3: All versions
ThinkSystem SR860 V3: All versions
ThinkSystem SR850 V3: All versions
ThinkSystem SR670 V2: All versions
ThinkSystem SR650 V3: All versions
ThinkSystem SR650 V2: All versions
ThinkStation P920 Workstation: All versions
ThinkStation P720 Workstation: All versions
ThinkStation P520c Workstation: All versions
ThinkStation P520 Workstation: All versions
ThinkStation P350 Workstation: All versions
ThinkStation P340 Workstation: All versions
ThinkSystem SR665: All versions
ThinkSystem SR655: All versions
AMD Graphics Processing Unit (GPU) Adapter Linux Driver: before ROCM 6.2.0
AMD Graphics Driver for Linux®: before 24.30.2
https://support.lenovo.com/us/en/product_security/LEN-191494
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94462
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41008
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the following functions:
kfd_smi_event_update_thermal_throttling() in drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
sdma_v4_4_2_print_iv_entry() in drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c
sdma_v4_0_print_iv_entry() in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c
gmc_v9_0_process_interrupt() in drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c
gmc_v8_0_process_interrupt() in drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c
gmc_v11_0_process_interrupt() in drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c
gmc_v10_0_process_interrupt() in drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c
amdgpu_vm_ptes_update() in drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c
amdgpu_vm_validate(), amdgpu_vm_wait_idle(), amdgpu_vm_init(), amdgpu_vm_fini() and amdgpu_vm_ioctl() in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
amdgpu_coredump() in drivers/gpu/drm/amd/amdgpu/amdgpu_reset.c
amdgpu_job_timedout() in drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
amdgpu_gem_object_open() in drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c
amdgpu_debugfs_vm_info_show() in drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
ThinkSystem SR685a V3: All versions
ThinkStation P358 Workstation: All versions
ThinkStation P620 Workstation: All versions
ThinkSystem SR675 V3: All versions
ThinkSystem SR665 V3: All versions
ThinkSystem SR655 V3: All versions
ThinkSystem SR860 V3: All versions
ThinkSystem SR850 V3: All versions
ThinkSystem SR670 V2: All versions
ThinkSystem SR650 V3: All versions
ThinkSystem SR650 V2: All versions
ThinkStation P920 Workstation: All versions
ThinkStation P720 Workstation: All versions
ThinkStation P520c Workstation: All versions
ThinkStation P520 Workstation: All versions
ThinkStation P350 Workstation: All versions
ThinkStation P340 Workstation: All versions
ThinkSystem SR665: All versions
ThinkSystem SR655: All versions
AMD Graphics Processing Unit (GPU) Adapter Linux Driver: before ROCM 6.2.0
AMD Graphics Driver for Linux®: before 24.30.2
https://support.lenovo.com/us/en/product_security/LEN-191494
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.