CVE-2024-41011

HIGH

Linux kernel - Info Disclosure

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.

References (8)

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

[Patch] https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884

[Patch] https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724

[Patch] https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5

[Patch] https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28

[Patch] https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d

[Patch] https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7

[Patch] https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 6.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-682

Status published

Products (8)

linux/Kernel 5.11.0 - 5.15.166linux

linux/Kernel 5.16.0 - 6.1.91linux

linux/Kernel 5.3.0 - 5.4.283linux

linux/Kernel 5.5.0 - 5.10.225linux

linux/Kernel 6.2.0 - 6.6.31linux

linux/Kernel 6.7.0 - 6.8.10linux

linux/linux_kernel 6.9 rc1 (7 CPE variants)

linux/linux_kernel 5.3 - 5.4.283

Published Jul 18, 2024

Tracked Since Feb 18, 2026