CVE-2024-26817

MEDIUM

Linux Kernel Integer Overflow via amdkfd Memory Allocation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-26817. PoCs published by MaherAzzouzi.

AI-analyzed exploit summary This repository contains a detailed writeup describing CVE-2024-26817, an integer overflow vulnerability in the AMD KFD driver's `kfd_ioctl_get_process_apertures_new` function. The issue arises from improper handling of user-provided data in `args->num_of_nodes`, leading to potential heap corruption.

Description

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.

Exploits (1)

nomisec WRITEUP 7 stars

by MaherAzzouzi · poc

https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd

View Code ZIP pw:eip

This repository contains a detailed writeup describing CVE-2024-26817, an integer overflow vulnerability in the AMD KFD driver's `kfd_ioctl_get_process_apertures_new` function. The issue arises from improper handling of user-provided data in `args->num_of_nodes`, leading to potential heap corruption.

Classification

Writeup 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: Linux kernel with AMD KFD driver (versions before fixes in 4.19.312, 5.4.274, 5.10.215, 5.15.155, 6.1.86, 6.6.27, 6.8.6)

No auth needed

Prerequisites: Access to a system with vulnerable AMD KFD driver · Ability to execute ioctl calls on the affected device

MITRE ATT&CK