CVE-2024-27400

MEDIUM

Linux Kernel 5.15.149-5.16 - Use-After-Free in amdgpu_ttm_move()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2

This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. The basic problem here is that after the move the old location is simply not available any more.

Some fixes were suggested, but essentially we should call the move notification before actually moving things because only this way we have the correct order for DMA-buf and VM move notifications as well.

Also rework the statistic handling so that we don't update the eviction counter before the move.

v2: add missing NULL check

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 0.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (20)
fedoraproject/fedora 39
fedoraproject/fedora 40
Linux/Linux < 6.8
Linux/Linux 1cd2b612474c07b17a21e27f2eed8dff75cb5057
Linux/Linux 5.15.149 - 5.16
Linux/Linux 6.1.77 - 6.1.91
Linux/Linux 6.1.91 - 6.1.*
Linux/Linux 6.6.16 - 6.6.31
Linux/Linux 6.6.31 - 6.6.*
Linux/Linux 6.7.4 - 6.8
... and 10 more
Published May 14, 2024
Tracked Since Feb 18, 2026