APPLIED: [SRU][J/F][PATCH 0/2] CVE-2024-56551

Stefan Bader stefan.bader at canonical.com
Tue Apr 22 16:52:46 UTC 2025 

On 14.04.25 11:49, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2024-56551
> 
> [ Impact ]
> 
> drm/amdgpu: fix usage slab after free
> 
> The root cause of the issue is that the function drm_sched_fini is called before drm_sched_entity_kill.
> In drm_sched_fini, the drm_sched_rq structure is freed, but this structure is later accessed by
> each entity within the run queue, leading to invalid memory access.
> To resolve this, the order of cleanup calls is updated:
> 
>      Before:
>          amdgpu_fence_driver_sw_fini
>          amdgpu_device_ip_fini
> 
>      After:
>          amdgpu_device_ip_fini
>          amdgpu_fence_driver_sw_fini
> 
> This updated order ensures that all entities in the IPs are cleaned up first, followed by proper
> cleanup of the schedulers.
> 
> Additional Investigation:
> 
> During debugging, another issue was identified in the amdgpu_vce_sw_fini function. The vce.vcpu_bo
> buffer must be freed only as the final step in the cleanup process to prevent any premature
> access during earlier cleanup stages.
> 
> [ Fix ]
> 
> Oracular: Fixed via upstream stable updates (LP: #2095594)
> Noble: Fixed via upstream stable updates (LP: #2101915)
> Jammy: Backported from mainline
> Focal: Backported from mainline
> 
> [ Test Plan ]
> 
> Compile tested only.
> 
> [ Where Problems Could Occur ]
> 
> The fix affects the AMDGPU DRM driver.
> An issue with this fix may introduce inconsistencies
> in scheduling entity cleanup sequence, potentially
> resulting in premature release of scheduling structures.
> A user might experience problems such as system instability,
> GPU hangs or kernel crashes.
> 

Applied to jammy,focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 47863 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250422/cf1681f2/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250422/cf1681f2/attachment-0001.sig>

More information about the kernel-team mailing list