Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-35817

HistoryMay 17, 2024 - 2:15 p.m.

CVE-2024-35817

2024-05-1714:15:16

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

amdgpu_ttm_gart_bind

gtt bound flag

gart space

page fault

gpu access

vulnerability

fix

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgpu_ttm_backend_unbind will not clear the gart page table entry and leave valid mapping entry pointing to the stale system page. Then if GPU access the gart address mistakely, it will read undefined value instead page fault, harder to debug and reproduce the real issue.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 6.1.85-1linux_6.1.85-1_all.deb
Debian11alllinux<= 5.10.209-2linux_5.10.209-2_all.deb
Debian10alllinux<= 4.19.249-2linux_4.19.249-2_all.deb
Debian999alllinux< 6.7.12-1linux_6.7.12-1_all.deb
Debian13alllinux< 6.7.12-1linux_6.7.12-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 6.1.85-1	linux_6.1.85-1_all.deb
Debian	11	all	linux	<= 5.10.209-2	linux_5.10.209-2_all.deb
Debian	10	all	linux	<= 4.19.249-2	linux_4.19.249-2_all.deb
Debian	999	all	linux	< 6.7.12-1	linux_6.7.12-1_all.deb
Debian	13	all	linux	< 6.7.12-1	linux_6.7.12-1_all.deb