CVE-2024-36022

NameCVE-2024-36022
DescriptionIn the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD, and KFD init waits until the reset is completed. KFD init is called in the reset handler, but in this case, the zone device and drm client is not initialized, causing app to create kernel panic. v2: Removing the init KFD condition from amdgpu_amdkfd_drm_client_create. As the previous version has the potential of creating DRM client twice. v3: v2 patch results in SDMA engine hung as DRM open causes VM clear to SDMA before SDMA init. Adding the condition to in drm client creation, on top of v1, to guard against drm client creation call multiple times.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie, jessie (lts)3.16.84-1vulnerable
stretch (security)4.9.320-2vulnerable
stretch (lts), stretch4.9.320-3vulnerable
buster (security), buster, buster (lts)4.19.316-1vulnerable
bullseye5.10.223-1vulnerable
bullseye (security)5.10.226-1vulnerable
bookworm6.1.115-1vulnerable
bookworm (security)6.1.119-1vulnerable
trixie6.12.5-1fixed
sid6.12.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcejessie(unfixed)end-of-life
linuxsourcestretch(unfixed)end-of-life
linuxsourcebuster(unfixed)end-of-life
linuxsource(unstable)6.8.9-1

Notes

https://git.kernel.org/linus/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48 (6.9-rc1)

Search for package or bug name: Reporting problems