7.8
HIGH
CVE-2024-41011
AMD KFD GPU MMIO Information Leak
Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.

INFO

Published Date :

July 18, 2024, 7:15 a.m.

Last Modified :

Sept. 6, 2024, 1:19 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2024-41011 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-41011.

URL Resource
https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884 Patch
https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724 Patch
https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5 Patch
https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28 Patch
https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d Patch
https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 Patch
https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63 Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-41011 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-41011 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Sep. 06, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884 No Types Assigned https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884 Patch
    Changed Reference Type https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724 No Types Assigned https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724 Patch
    Changed Reference Type https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5 No Types Assigned https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5 Patch
    Changed Reference Type https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28 No Types Assigned https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28 Patch
    Changed Reference Type https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d No Types Assigned https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d Patch
    Changed Reference Type https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 No Types Assigned https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 Patch
    Changed Reference Type https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63 No Types Assigned https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63 Patch
    Added CWE NIST CWE-682
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.3 up to (excluding) 5.4.283 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.225 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.166 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.91 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.8.10 *cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc6:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.9:rc7:*:*:*:*:*:*
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Sep. 04, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d [No types assigned]
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jul. 18, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.
    Added Reference kernel.org https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-41011 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-41011 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: