{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-49989","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-10-21T12:17:06.054Z","datePublished":"2024-10-21T18:02:32.507Z","dateUpdated":"2025-11-03T19:31:34.549Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-07-11T17:21:26.643Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix double free issue during amdgpu module unload\n\nFlexible endpoints use DIGs from available inflexible endpoints,\nso only the encoders of inflexible links need to be freed.\nOtherwise, a double free issue may occur when unloading the\namdgpu module.\n\n[  279.190523] RIP: 0010:__slab_free+0x152/0x2f0\n[  279.190577] Call Trace:\n[  279.190580]  <TASK>\n[  279.190582]  ? show_regs+0x69/0x80\n[  279.190590]  ? die+0x3b/0x90\n[  279.190595]  ? do_trap+0xc8/0xe0\n[  279.190601]  ? do_error_trap+0x73/0xa0\n[  279.190605]  ? __slab_free+0x152/0x2f0\n[  279.190609]  ? exc_invalid_op+0x56/0x70\n[  279.190616]  ? __slab_free+0x152/0x2f0\n[  279.190642]  ? asm_exc_invalid_op+0x1f/0x30\n[  279.190648]  ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[  279.191096]  ? __slab_free+0x152/0x2f0\n[  279.191102]  ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[  279.191469]  kfree+0x260/0x2b0\n[  279.191474]  dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[  279.191821]  link_destroy+0xd7/0x130 [amdgpu]\n[  279.192248]  dc_destruct+0x90/0x270 [amdgpu]\n[  279.192666]  dc_destroy+0x19/0x40 [amdgpu]\n[  279.193020]  amdgpu_dm_fini+0x16e/0x200 [amdgpu]\n[  279.193432]  dm_hw_fini+0x26/0x40 [amdgpu]\n[  279.193795]  amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]\n[  279.194108]  amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]\n[  279.194436]  amdgpu_pci_remove+0x40/0x80 [amdgpu]\n[  279.194632]  pci_device_remove+0x3a/0xa0\n[  279.194638]  device_remove+0x40/0x70\n[  279.194642]  device_release_driver_internal+0x1ad/0x210\n[  279.194647]  driver_detach+0x4e/0xa0\n[  279.194650]  bus_remove_driver+0x6f/0xf0\n[  279.194653]  driver_unregister+0x33/0x60\n[  279.194657]  pci_unregister_driver+0x44/0x90\n[  279.194662]  amdgpu_exit+0x19/0x1f0 [amdgpu]\n[  279.194939]  __do_sys_delete_module.isra.0+0x198/0x2f0\n[  279.194946]  __x64_sys_delete_module+0x16/0x20\n[  279.194950]  do_syscall_64+0x58/0x120\n[  279.194954]  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[  279.194980]  </TASK>"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/display/dc/link/link_factory.c"],"versions":[{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"43c296870740a3a264cdca9f18db12e12e9cfbdb","status":"affected","versionType":"git"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"df948b5ba6858d5da34f622d408e5517057cec07","status":"affected","versionType":"git"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"cf6f3ebd6312d465fee096d1f58089b177c7c67f","status":"affected","versionType":"git"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"7af9e6fa63dbd43a61d4ecc8f59426596a75e507","status":"affected","versionType":"git"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"3c0ff4de45ce2c5f7997a1ffa6eefee4b79e6b58","status":"affected","versionType":"git"},{"version":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c","lessThan":"20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/amd/display/dc/link/link_factory.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"5.15.181","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.129","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.55","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.14","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11.3","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.181"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.1.129"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.6.55"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.10.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.11.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/43c296870740a3a264cdca9f18db12e12e9cfbdb"},{"url":"https://git.kernel.org/stable/c/df948b5ba6858d5da34f622d408e5517057cec07"},{"url":"https://git.kernel.org/stable/c/cf6f3ebd6312d465fee096d1f58089b177c7c67f"},{"url":"https://git.kernel.org/stable/c/7af9e6fa63dbd43a61d4ecc8f59426596a75e507"},{"url":"https://git.kernel.org/stable/c/3c0ff4de45ce2c5f7997a1ffa6eefee4b79e6b58"},{"url":"https://git.kernel.org/stable/c/20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d"}],"title":"drm/amd/display: fix double free issue during amdgpu module unload","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-49989","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-10-22T13:31:29.374759Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T13:38:43.110Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:31:34.549Z"}}]}}