{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41011", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.610Z", "datePublished": "2024-07-18T07:04:04.823Z", "dateUpdated": "2024-09-11T17:34:06.529Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-04T12:02:04.809Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"], "versions": [{"version": "d8e408a82704", "lessThan": "009c4d78bcf0", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "f7276cdc1912", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "8ad4838040e5", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "89fffbdf535c", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "4b4cff994a27", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "6186c9356088", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "be4a2a81b6b9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.283", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.225", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.166", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.91", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.31", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.10", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884"}, {"url": "https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63"}, {"url": "https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d"}, {"url": "https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28"}, {"url": "https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724"}, {"url": "https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5"}, {"url": "https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7"}], "title": "drm/amdkfd: don't allow mapping the MMIO HDP page with large pages", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:56.164Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41011", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:25:05.897243Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:06.529Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-41011", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-12T12:17:45.610Z", "datePublished": "2024-07-18T07:04:04.823Z", "dateUpdated": "2024-09-04T12:02:04.809Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-09-04T12:02:04.809Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"], "versions": [{"version": "d8e408a82704", "lessThan": "009c4d78bcf0", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "f7276cdc1912", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "8ad4838040e5", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "89fffbdf535c", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "4b4cff994a27", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "6186c9356088", "status": "affected", "versionType": "git"}, {"version": "d8e408a82704", "lessThan": "be4a2a81b6b9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.283", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.225", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.166", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.91", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.31", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.10", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884"}, {"url": "https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63"}, {"url": "https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d"}, {"url": "https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28"}, {"url": "https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724"}, {"url": "https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5"}, {"url": "https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7"}], "title": "drm/amdkfd: don't allow mapping the MMIO HDP page with large pages", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-41011", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:25:05.897243Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-09-11T12:42:20.702Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D05066F4-CEBB-4CD3-8523-D54F9FE7F513", "versionEndExcluding": "5.4.283", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57B46A9-B105-4792-8481-1870DEFB436A", "versionEndExcluding": "5.10.225", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "913ED6CD-8ACF-48AF-AA18-7880881DD402", "versionEndExcluding": "5.15.166", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F8C886C-75AA-469B-A6A9-12BF1A29C0D5", "versionEndExcluding": "6.1.91", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3", "versionEndExcluding": "6.8.10", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "52048DDA-FC5A-4363-95A0-A6357B4D7F8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*", "matchCriteriaId": "A06B2CCF-3F43-4FA9-8773-C83C3F5764B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*", "matchCriteriaId": "F850DCEC-E08B-4317-A33B-D2DCF39F601B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:*", "matchCriteriaId": "91326417-E981-482E-A5A3-28BC1327521B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:*", "matchCriteriaId": "DAECDCD8-F556-4606-8D7B-5C6D47A501F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\n\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: no permite mapear la p\u00e1gina MMIO HDP con p\u00e1ginas grandes. En ese caso, no obtenemos el desplazamiento correcto. La GPU tiene un \u00e1rea 4K no utilizada del espacio BAR de registros en el que puede reasignar registros. Reasignamos los registros de descarga del HDP en este espacio para permitir que el espacio de usuario (CPU o GPU) vac\u00ede el HDP cuando actualice la VRAM. Sin embargo, en sistemas con p\u00e1ginas >4K, terminamos exponiendo PAGE_SIZE del espacio MMIO."}], "id": "CVE-2024-41011", "lastModified": "2024-09-06T13:19:10.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-18T07:15:02.070", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-682"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages", "id": "2298582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298582"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-119", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndrm/amdkfd: don't allow mapping the MMIO HDP page with large pages\nWe don't get the right offset in that case. The GPU has\nan unused 4K area of the register BAR space into which you can\nremap registers. We remap the HDP flush registers into this\nspace to allow userspace (CPU or GPU) to flush the HDP when it\nupdates VRAM. However, on systems with >4K pages, we end up\nexposing PAGE_SIZE of MMIO space.", "A flaw was found in the Linux Kernel's AMD Kernel Fusion Driver when mapping the MMIO HDP page with large pages. This issue could allow a local user to gain unauthorized access to memory."], "name": "CVE-2024-41011", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-41011\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-41011\nhttps://lore.kernel.org/linux-cve-announce/2024071807-CVE-2024-41011-616d@gregkh/T"], "statement": "Red Hat Enterprise Linux not affected.", "threat_severity": "Low", "upstream_fix": "kernel 6.1.91, kernel 6.6.31, kernel 6.8.10, kernel 6.9"}