CVE-2024-41011

HIGH

Linux kernel - Info Disclosure

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.

References (8)

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

[Patch] https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884

[Patch] https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724

[Patch] https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5

[Patch] https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28

[Patch] https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d

[Patch] https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7

[Patch] https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 5.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-682

Status published

Affected Products (14)

linux/linux_kernel < 5.4.283

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

linux/Kernel < 5.4.283linux

linux/Kernel < 5.10.225linux

linux/Kernel < 5.15.166linux

linux/Kernel < 6.1.91linux

linux/Kernel < 6.6.31linux

linux/Kernel < 6.8.10linux

Timeline

Published Jul 18, 2024

Tracked Since Feb 18, 2026