CVE-2024-49991

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the AMDKFD (AMD Kernel Fusion Driver) component of the Linux kernel. An attacker with local access could exploit this to cause a kernel crash (denial of service) or potentially execute arbitrary code with kernel privileges. Systems running affected Linux kernel versions with AMD GPU drivers are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with AMDKFD driver
Versions: Specific kernel versions containing the vulnerable commit; check the git references for exact ranges.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD GPU hardware and the amdkfd driver to be loaded/enabled. Systems without AMD GPUs or with the driver disabled are not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel mode, allowing complete system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.

🟢 If Mitigated

Likely limited to denial of service if kernel hardening features like KASLR and SMEP are enabled, since they reduce the reliability of code execution.

🌐 Internet-Facing: LOW - Requires local access to exploit; not directly reachable over network.
🏢 Internal Only: MEDIUM - Local users or compromised accounts could exploit this for privilege escalation or DoS attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel memory layout. No public exploits are known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits: 30ceb873cc2e97348d9da2265b2d1ddf07f682e1, 6c9289806591807e4e3be9a23df8ee2069180055, 71f3240f82987f0f070ea5bed559033de7d4c0e1, c86ad39140bbcb9dc75a10046c2221f657e8083b, e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c

Vendor Advisory: https://git.kernel.org/stable/c/30ceb873cc2e97348d9da2265b2d1ddf07f682e1

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commits.
2. Reboot the system to load the new kernel.
3. Verify the fix by checking the kernel version and ensuring the amdkfd module loads without issues.

🔧 Temporary Workarounds

Disable AMDKFD module

Prevent loading of the vulnerable amdkfd driver if AMD GPU functionality is not required.

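# Run as root. Has an effect only where amdkfd exists as a separate module;
# kernels that build KFD into amdgpu have no amdkfd module to blacklist.
echo 'blacklist amdkfd' >> /etc/modprobe.d/blacklist-amdkfd.conf
# Rebuild the initramfs (Debian/Ubuntu command; dracut-based distributions use dracut -f)
update-initramfs -u
reboot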

🧯 If You Can't Patch

  • Restrict local user access to essential personnel only and implement strict privilege separation.
  • Enable kernel hardening features like KASLR, SMEP, and SMAP to reduce exploit reliability.

🔍 How to Verify

Check if Vulnerable:

Check if the amdkfd module is loaded: lsmod | grep amdkfd. If loaded, check kernel version against affected ranges in git commits.

Check Version:

uname -r

Verify Fix Applied:

Run uname -r and cross-reference the reported kernel version with the fix commit hashes to confirm it includes one of them.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs in /var/log/kern.log or dmesg output indicating use-after-free or amdkfd crashes.

Network Indicators:

  • None - this is a local vulnerability.

SIEM Query:

source="kern.log" AND ("use-after-free" OR "amdkfd" OR "kernel panic")
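
The query above matches any line that mentions amdkfd, including normal driver initialization messages. The following Python is an added example, not part of the original advisory: it flags only kernel fault reports (KASAN use-after-free, oops, panic) whose stack frames reference kfd_/amdkfd_ symbols. The sample log lines, the function names in them and the 40-line window are constructed assumptions.

```python
import re

# Headers that open a kernel fault report (KASAN, oops, panic).
FAULT = re.compile(
    r"BUG: KASAN: (?:slab-)?use-after-free"
    r"|general protection fault"
    r"|BUG: unable to handle"
    r"|Kernel panic - not syncing"
)
# A stack frame in the driver: kfd_*/amdkfd_* symbol plus offset/size.
KFD_FRAME = re.compile(r"\b(?:amd)?kfd_\w+\+0x[0-9a-f]+/0x[0-9a-f]+")
WINDOW = 40  # assumed: lines of one report searched for driver frames


def triage(lines):
    """Return (line_no, fault_header, kfd_frame) per report implicating amdkfd."""
    findings = []
    for i, line in enumerate(lines):
        header = FAULT.search(line)
        if not header:
            continue  # plain mentions of amdkfd/kfd are not faults
        # KASAN names the faulting symbol on the header line, so start at i.
        for j, follow in enumerate(lines[i:i + WINDOW]):
            if j and FAULT.search(follow):
                break  # next report begins; do not borrow its frames
            frame = KFD_FRAME.search(follow)
            if frame:
                findings.append((i + 1, header.group(0), frame.group(0)))
                break
    return findings


# Constructed sample log lines (not taken from a real system).
SAMPLE = """\
kernel: [   12.100000] kfd kfd: amdgpu: added device 1002:0000
kernel: [  301.000000] BUG: KASAN: use-after-free in ext4_example_fn+0x10/0x40
kernel: [  301.000100]  ext4_example_fn+0x10/0x40
kernel: [  512.000000] BUG: KASAN: slab-use-after-free in kfd_example_release+0x3c/0x90 [amdgpu]
kernel: [  512.000100] Read of size 8 at addr ffff888100000000 by task demo/4242
kernel: [  512.000200]  kfd_example_release+0x3c/0x90 [amdgpu]
kernel: [  512.000300] Kernel panic - not syncing: KASAN: panic_on_warn set ...
""".splitlines()

if __name__ == "__main__":
    for line_no, header, frame in triage(SAMPLE):
        print(f"line {line_no}: {header} -> {frame}")
```

On the sample, the driver initialization line and the unrelated ext4 report are ignored, and only the report with a kfd_ frame is returned.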
