[SRU][J/F][PATCH 0/2] CVE-2024-56551

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Mon Apr 14 09:49:10 UTC 2025


https://ubuntu.com/security/CVE-2024-56551

[ Impact ]

drm/amdgpu: fix usage slab after free

The root cause of the issue is that the function drm_sched_fini is called before drm_sched_entity_kill.
In drm_sched_fini, the drm_sched_rq structure is freed, but this structure is later accessed by
each entity within the run queue, leading to invalid memory access.
To resolve this, the order of cleanup calls is updated:

    Before:
        amdgpu_fence_driver_sw_fini
        amdgpu_device_ip_fini

    After:
        amdgpu_device_ip_fini
        amdgpu_fence_driver_sw_fini

This updated order ensures that all entities in the IPs are cleaned up first, followed by proper
cleanup of the schedulers.

Additional Investigation:

During debugging, another issue was identified in the amdgpu_vce_sw_fini function. The vce.vcpu_bo
buffer must be freed only as the final step in the cleanup process to prevent any premature
access during earlier cleanup stages.

[ Fix ]

Oracular: Fixed via upstream stable updates (LP: #2095594)
Noble: Fixed via upstream stable updates (LP: #2101915)
Jammy: Backported from mainline
Focal: Backported from mainline

[ Test Plan ]

Compile tested only.

[ Where Problems Could Occur ]

The fix affects the AMDGPU DRM driver.
An issue with this fix may introduce inconsistencies
in scheduling entity cleanup sequence, potentially
resulting in premature release of scheduling structures.
A user might experience problems such as system instability,
GPU hangs or kernel crashes.
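
The teardown-order bug described under [ Impact ], as an added example that is not part of the original post and is not kernel or driver code. It is a simplified user-space model: every name in it is hypothetical, and a lifetime flag stands in for the freed drm_sched_rq so the "Before" order can be counted safely instead of actually touching freed memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
struct model_rq { int nr_entities; };

struct model_sched {
    struct model_rq *rq;   /* run queue owned by the scheduler */
    bool rq_live;          /* lifetime flag so the model never reads freed memory */
};

struct model_entity {
    struct model_sched *sched;
    bool killed;
};

/* Models scheduler teardown: the run queue is released here. */
static void model_sched_fini(struct model_sched *s) {
    free(s->rq);
    s->rq = NULL;
    s->rq_live = false;
}

/* Models entity teardown: the entity needs the run queue to unlink itself.
 * Returns false when the run queue is already gone (the use-after-free window). */
static bool model_entity_kill(struct model_entity *e) {
    if (!e->sched->rq_live)
        return false;
    e->sched->rq->nr_entities--;
    e->killed = true;
    return true;
}

/* Runs teardown in the chosen order; returns the number of stale run-queue accesses. */
int teardown_stale_accesses(bool entities_first, int nr_entities) {
    struct model_sched s = { calloc(1, sizeof(struct model_rq)), true };
    struct model_entity *ents = calloc(nr_entities, sizeof(*ents));
    int stale = 0;
    if (!s.rq || !ents) { free(s.rq); free(ents); return -1; }
    s.rq->nr_entities = nr_entities;
    for (int i = 0; i < nr_entities; i++) ents[i].sched = &s;

    if (!entities_first) model_sched_fini(&s);   /* "Before": scheduler torn down first */
    for (int i = 0; i < nr_entities; i++)
        if (!model_entity_kill(&ents[i])) stale++;
    if (entities_first) model_sched_fini(&s);    /* "After": entities cleaned up first */

    free(ents);
    return stale;
}
```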


