Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-26833

Disclosure Date: April 17, 2024 •

CVE-2024-26833

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix memory leak in dm_sw_fini()

After destroying dmub_srv, the memory associated with it is
not freed, causing a memory leak:

unreferenced object 0xffff896302b45800 (size 1024):
comm “(udev-worker)”, pid 222, jiffies 4294894636
hex dump (first 32 bytes):

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

backtrace (crc 6265fd77):

[<ffffffff993495ed>] kmalloc_trace+0x29d/0x340
[<ffffffffc0ea4a94>] dm_dmub_sw_init+0xb4/0x450 [amdgpu]
[<ffffffffc0ea4e55>] dm_sw_init+0x15/0x2b0 [amdgpu]
[<ffffffffc0ba8557>] amdgpu_device_init+0x1417/0x24e0 [amdgpu]
[<ffffffffc0bab285>] amdgpu_driver_load_kms+0x15/0x190 [amdgpu]
[<ffffffffc0ba09c7>] amdgpu_pci_probe+0x187/0x4e0 [amdgpu]
[<ffffffff9968fd1e>] local_pci_probe+0x3e/0x90
[<ffffffff996918a3>] pci_device_probe+0xc3/0x230
[<ffffffff99805872>] really_probe+0xe2/0x480
[<ffffffff99805c98>] __driver_probe_device+0x78/0x160
[<ffffffff99805daf>] driver_probe_device+0x1f/0x90
[<ffffffff9980601e>] __driver_attach+0xce/0x1c0
[<ffffffff99803170>] bus_for_each_dev+0x70/0xc0
[<ffffffff99804822>] bus_add_driver+0x112/0x210
[<ffffffff99807245>] driver_register+0x55/0x100
[<ffffffff990012d1>] do_one_initcall+0x41/0x300

Fix this by freeing dmub_srv after destroying it.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2024-26833 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26833)

Miscellaneous

https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857

https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e

https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30

https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2

https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b

https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Rapid7

Unknown

CVE-2024-26833

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-26833

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-26833

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-26833

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification