Memory Allocation Vulnerability in AMD Graphics Drivers
CVE-2024-56697

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 December 2024

Summary

A vulnerability in the AMD graphics drivers within the Linux kernel identified issues in memory allocation during the execution of the amdgpu_discovery_get_nps_info() function. The vulnerability was characterized by a lack of checks for allocation failures, which could potentially lead to dereferencing a null pointer, resulting in application crashes or undefined behavior. The solution involved implementing safety checks and utilizing the kvcalloc() function, which ensures safe memory allocation by checking for multiplication overflow. Furthermore, the output parameters nps_type and range_cnt are now assigned post-memory allocation to guarantee their integrity in case of an allocation error.

Affected Version(s)

Linux b194d21b9bcc15b50df1bc3ff7428e51c2918a6f

References

https://git.kernel.org/stable/c/d14bea4e094871226ea69772d...

https://git.kernel.org/stable/c/e8f1dbaa0437eba4e8c1d6a6d...

https://git.kernel.org/stable/c/a1144da794adedb9447437c57...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 28, 2024