CVE-2024-26986

MEDIUM

Linux Kernel 6.5-6.6.28 - Use-After-Free in KFD Process Creation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a leaked mmget reference on an error handling code path that is triggered when attempting to create KFD processes while a GPU reset is in progress.

References (6)

Core 6

Core References

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/

Patch

https://git.kernel.org/stable/c/aa02d43367a9adf8c85fb382fea4171fb266c8d0

Patch

https://git.kernel.org/stable/c/0dcd876411644da98a6b4d5a18d32ca94c15bdb5

Patch

https://git.kernel.org/stable/c/18921b205012568b45760753ad3146ddb9e2d4e2

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (15)

fedoraproject/fedora 38

fedoraproject/fedora 39

fedoraproject/fedora 40

linux/Kernel 6.5.0 - 6.6.29linux

linux/Kernel 6.7.0 - 6.8.8linux

Linux/Linux < 6.5

Linux/Linux 0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508 - 0dcd876411644da98a6b4d5a18d32ca94c15bdb5

Linux/Linux 0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508 - 18921b205012568b45760753ad3146ddb9e2d4e2

Linux/Linux 0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508 - aa02d43367a9adf8c85fb382fea4171fb266c8d0

Linux/Linux 6.5

... and 5 more

Published May 01, 2024

Tracked Since Feb 18, 2026