CVE-2024-46720
📋 TL;DR
This CVE addresses a NULL pointer dereference vulnerability in the AMD GPU driver within the Linux kernel. An attacker could potentially cause a kernel panic or system crash by triggering this condition. Systems using AMD graphics hardware with vulnerable kernel versions are affected.
💻 Affected Systems
- Linux kernel with AMD GPU driver (drm/amdgpu)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service (system crash), potentially allowing limited information disclosure or privilege escalation in combination with other vulnerabilities.
Likely Case
Local denial of service through system crash or instability when specific GPU operations are performed.
If Mitigated
Minimal impact with proper access controls preventing local users from triggering the vulnerable code path.
🎯 Exploit Status
Requires local access and ability to trigger specific GPU operations. No public exploit code identified at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: 00b9594d6310eb33e14d3f07b54866499efe0d50, 0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c, 1b73ea3d97cc23f9b16d10021782b48397d2b517, b1f7810b05d1950350ac2e06992982974343e441
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable AMD GPU driver
linuxTemporarily disable the amdgpu kernel module if AMD GPU is not required
echo 'blacklist amdgpu' >> /etc/modprobe.d/blacklist-amdgpu.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with AMD GPUs
- Implement strict access controls to prevent unauthorized users from running GPU-intensive operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and whether amdgpu module is loaded: 'uname -r' and 'lsmod | grep amdgpu'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to one containing fix commits and amdgpu module loads without issues📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- GPU driver crash logs
- System crash/reboot events
Network Indicators:
- None - local vulnerability only
SIEM Query:
EventID=41 OR Source='kernel' AND Message LIKE '%panic%' OR Message LIKE '%amdgpu%' AND Message LIKE '%NULL%'🔗 References
- https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50
- https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c
- https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517
- https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
