CVE-2024-46803

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's AMDKFD driver could cause kernel crashes or denial of service. This affects systems using AMD GPUs with the KFD driver enabled. Attackers could potentially trigger this to crash the kernel.

💻 Affected Systems

Products:
  • Linux kernel with AMDKFD driver
Versions: Linux kernel versions with vulnerable AMDKFD driver code before fixes in commits 547033b593063eb85bfdf9b25a5f1b8fd1911be2, 820dcbd38a77bd5fdc4236d521c1c122841227d0, e6ea3b8fe398915338147fe54dd2db8155fdafd8
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems with AMD GPUs using the KFD driver and debug trap functionality enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, potentially allowing limited information disclosure through crash dumps.

🟠 Likely Case: System crash or kernel panic requiring reboot, causing temporary denial of service.

🟢 If Mitigated: No impact if debug trap functionality is disabled or system is patched.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger GPU debug events.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could crash systems with AMD GPUs.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger GPU debug events, typically needs local access or compromised GPU workload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 547033b593063eb85bfdf9b25a5f1b8fd1911be2, 820dcbd38a77bd5fdc4236d521c1c122841227d0, e6ea3b8fe398915338147fe54dd2db8155fdafd8

Vendor Advisory: https://git.kernel.org/stable/c/547033b593063eb85bfdf9b25a5f1b8fd1911be2

Restart Required: Yes

Instructions:

  1. Update Linux kernel to version containing the fix commits.
  2. Reboot system to load new kernel.
  3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable AMDKFD debug trap functionality

Prevent debug trap events that could trigger the vulnerability

echo 0 > /sys/module/amdkfd/parameters/debug_trap_enable

🧯 If You Can't Patch

  • Restrict GPU access to trusted users only
  • Disable AMDKFD driver module if not required

🔍 How to Verify

Check if Vulnerable:

Check if AMDKFD driver is loaded and kernel version is before fix commits:

lsmod | grep amdkfd && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and AMDKFD module loads without issues

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference errors in kernel logs
  • GPU driver crash logs

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "amdkfd")
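The query above matches any kernel line that mentions "amdkfd", including routine driver messages. The following added example (not part of the original advisory or the kernel project) reports only NULL pointer dereference oopses whose trace contains KFD frames. It assumes KFD code appears in traces as kfd_* symbols; the sample log and its symbol names are constructed placeholders.

```python
import re

# Header the kernel prints for a NULL pointer dereference oops.
OOPS_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: (\S+)")
# Assumption: KFD code shows up in traces as kfd_* symbols (symbol+0xoff/0xsize).
KFD_FRAME_RE = re.compile(r"\b(kfd_\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
END_RE = re.compile(r"---\[ end trace")
WINDOW = 60  # maximum number of lines scanned after an oops header

# Constructed sample log; symbol names are placeholders, not taken from the CVE.
SAMPLE_LOG = """\
[  101.000001] amdgpu: amdkfd device initialised
[  412.300100] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  412.300105] #PF: supervisor write access in kernel mode
[  412.300120] RIP: 0010:kfd_placeholder_raise+0x4a/0x120 [amdgpu]
[  412.300140] Call Trace:
[  412.300150]  kfd_placeholder_worker+0x21/0x60 [amdgpu]
[  412.300160]  process_one_work+0x1e2/0x3b0
[  412.300170] ---[ end trace 0000000000000000 ]---
[  900.500000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  900.500010] RIP: 0010:ext4_placeholder_fn+0x10/0x80
[  900.500020] Call Trace:
[  900.500030]  vfs_placeholder_fn+0x33/0x90
[  900.500040] ---[ end trace 0000000000000000 ]---
""".splitlines()


def find_kfd_null_derefs(lines):
    """Return one record per NULL-deref oops whose trace contains KFD frames."""
    hits = []
    for i, line in enumerate(lines):
        m = OOPS_RE.search(line)
        if not m:
            continue
        frames = []
        for follow in lines[i + 1 : i + 1 + WINDOW]:
            if OOPS_RE.search(follow):  # next oops starts, stop correlating
                break
            frames += KFD_FRAME_RE.findall(follow)
            if END_RE.search(follow):  # end of this oops report
                break
        if frames:
            hits.append({"line": i + 1, "address": m.group(1), "kfd_frames": frames})
    return hits


if __name__ == "__main__":
    for hit in find_kfd_null_derefs(SAMPLE_LOG):
        print(hit)
```

Feed it the lines of a saved kernel log to triage crashes on hosts with AMD GPUs; an oops without KFD frames, like the second one in the sample, is ignored.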
