CVE-2024-46896 Information
Description
In the Linux kernel the following vulnerability has been resolved:
drm/amdgpu: don’t access invalid sched
Since 2320c9e6a768 (\drm/sched: memset() ‘job’ in drm_sched_job_init()) accessing job->base.sched can produce unexpected results as the initialisation of (job)->base.sched done in amdgpu_job_alloc is overwritten by the memset.
This commit fixes an issue when a CS would fail validation and would be rejected after job->num_ibs is incremented. In this case amdgpu_ib_free(ring->adev …) will be called which would crash the machine because the ring value is bogus.
To fix this pass a NULL pointer to amdgpu_ib_free(): we can do this because the device is actually not used in this function.
The next commit will remove the ring argument completely.
(cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7)
Reference
https://git.kernel.org/stable/c/65501a4fd84ecdc0af863dbb37759242aab9f2dd https://git.kernel.org/stable/c/67291d601f2b032062b1b2f60ffef1b63e10094c https://git.kernel.org/stable/c/a93b1020eb9386d7da11608477121b10079c076a https://git.kernel.org/stable/c/da6b2c626ae73c303378ce9eaf6e3eaf16c9925a
Share on: