{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-46896","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-01-11T12:33:33.708Z","datePublished":"2025-01-11T12:35:34.351Z","dateUpdated":"2025-11-03T20:39:29.043Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:36:26.311Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: don't access invalid sched\n\nSince 2320c9e6a768 (\"drm/sched: memset() 'job' in drm_sched_job_init()\")\naccessing job->base.sched can produce unexpected results as the initialisation\nof (*job)->base.sched done in amdgpu_job_alloc is overwritten by the\nmemset.\n\nThis commit fixes an issue when a CS would fail validation and would\nbe rejected after job->num_ibs is incremented. In this case,\namdgpu_ib_free(ring->adev, ...) will be called, which would crash the\nmachine because the ring value is bogus.\n\nTo fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this\nbecause the device is actually not used in this function.\n\nThe next commit will remove the ring argument completely.\n\n(cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7)"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"],"versions":[{"version":"166df51487f46b6e997dfeea7ca0c2a970853f07","lessThan":"65501a4fd84ecdc0af863dbb37759242aab9f2dd","status":"affected","versionType":"git"},{"version":"87210234e5a273ebf9c4110a6aa82b8221478daa","lessThan":"da6b2c626ae73c303378ce9eaf6e3eaf16c9925a","status":"affected","versionType":"git"},{"version":"2da108b4b5fb7ec04d7e951418ed80e97f7c35ad","lessThan":"67291d601f2b032062b1b2f60ffef1b63e10094c","status":"affected","versionType":"git"},{"version":"2320c9e6a768d135c7b0039995182bb1a4e4fd22","lessThan":"a93b1020eb9386d7da11608477121b10079c076a","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"],"versions":[{"version":"6.1.120","lessThan":"6.1.122","status":"affected","versionType":"semver"},{"version":"6.6.66","lessThan":"6.6.68","status":"affected","versionType":"semver"},{"version":"6.12.5","lessThan":"6.12.7","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.120","versionEndExcluding":"6.1.122"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.66","versionEndExcluding":"6.6.68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.5","versionEndExcluding":"6.12.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/65501a4fd84ecdc0af863dbb37759242aab9f2dd"},{"url":"https://git.kernel.org/stable/c/da6b2c626ae73c303378ce9eaf6e3eaf16c9925a"},{"url":"https://git.kernel.org/stable/c/67291d601f2b032062b1b2f60ffef1b63e10094c"},{"url":"https://git.kernel.org/stable/c/a93b1020eb9386d7da11608477121b10079c076a"}],"title":"drm/amdgpu: don't access invalid sched","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T20:39:29.043Z"}}]}}