CVE-2024-56551
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's AMD GPU driver (drm/amdgpu). When the driver attempts to flush a GPU scheduler entity after it has been freed, it can cause memory corruption, potentially leading to system crashes or kernel privilege escalation. This affects Linux systems with AMD GPUs using the amdgpu driver.
💻 Affected Systems
- Linux kernel with AMD GPU support
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential privilege escalation allowing attackers to execute arbitrary code with kernel privileges.
Likely Case
System instability, crashes, or denial of service when GPU operations are performed during driver unloading.
If Mitigated
Limited to denial of service if proper kernel hardening and memory protection mechanisms are enabled.
🎯 Exploit Status
Exploitation requires local access and ability to trigger GPU operations during driver unloading. The vulnerability is in kernel memory management, making reliable exploitation challenging but possible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 05b1b33936b71e5f189a813a517f72e8a27fcb2f, 3990ef742c064e22189b954522930db04fc6b1a7, 3cc1116de10953f0265a05d9f351b02a9ec3b497, 6383199ada42d30562b4249c393592a2a9c38165, b61badd20b443eabe132314669bb51a263982e5c
Vendor Advisory: https://git.kernel.org/stable/c/05b1b33936b71e5f189a813a517f72e8a27fcb2f
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable AMD GPU driver unloading
Linux: Prevent the driver from being unloaded, since unloading triggers the vulnerable code path
echo 'options amdgpu modeset=1' >> /etc/modprobe.d/amdgpu.conf
update-initramfs -u
🧯 If You Can't Patch
- Restrict local user access to systems with AMD GPUs
- Monitor for kernel panics or system crashes related to GPU operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if amdgpu module is loaded: uname -r && lsmod | grep amdgpu
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated and check dmesg for absence of KASAN slab-use-after-free errors related to drm_sched_entity_flush
📡 Detection & Monitoring
Log Indicators:
- KASAN: slab-use-after-free in drm_sched_entity_flush
- BUG: KASAN: slab-use-after-free
- kernel panic messages related to amdgpu or GPU scheduling
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("slab-use-after-free" OR "drm_sched_entity_flush" OR ("amdgpu" AND "panic"))
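The log indicators above, turned into a triage filter as an added example (not part of the original advisory or of the kernel project's code): it separates the CVE-specific KASAN report from other slab use-after-free reports and flags a panic only when amdgpu or GPU scheduler lines appear shortly before it. The function names, the WINDOW parameter and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify kernel log lines by the
# indicators listed above. KASAN reports exist only on kernels built with
# CONFIG_KASAN, so a clean log on a production kernel does not prove the fix.

# Usage: dmesg | scan_kernel_log [WINDOW]   (WINDOW is an assumed tunable)
# Prints "class<TAB>line" per hit; returns 0 if anything matched, 1 if not.
scan_kernel_log() {
    awk -v win="${1:-30}" '
        # Remember the last line that mentioned the driver or GPU scheduler.
        /amdgpu|gpu_sched|drm_sched/ { last_gpu = NR }
        # Strongest signal: KASAN names the function from this CVE.
        /KASAN: slab-use-after-free in drm_sched_entity_flush/ {
            print "cve_match\t" $0; hits++; next
        }
        # Another slab use-after-free: worth triage, but a different site.
        /BUG: KASAN: slab-use-after-free/ {
            print "kasan_uaf_other\t" $0; hits++; next
        }
        # A panic counts as GPU-related only with GPU context close before it.
        /Kernel panic/ && last_gpu && NR - last_gpu <= win {
            print "gpu_panic\t" $0; hits++
        }
        END { exit (hits > 0 ? 0 : 1) }
    '
}

# Constructed sample input; addresses, offsets and task names are made up.
sample_log() {
    cat <<'EOF'
[   12.000000] Kernel panic - not syncing: constructed unrelated panic
[  101.000100] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x10/0x20 [gpu_sched]
[  101.000200] Read of size 8 at addr ffff888100000000 by task sample/1234
[  205.500000] BUG: KASAN: slab-use-after-free in example_other_func+0x8/0x40
[  300.000000] amdgpu 0000:03:00.0: constructed driver message
[  300.000050] Kernel panic - not syncing: Fatal exception
EOF
}

sample_log | scan_kernel_log || true
```

On the sample, the first panic is not flagged because no GPU line precedes it, while the last one is flagged because an amdgpu line sits one line earlier.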
🔗 References
- https://git.kernel.org/stable/c/05b1b33936b71e5f189a813a517f72e8a27fcb2f
- https://git.kernel.org/stable/c/3990ef742c064e22189b954522930db04fc6b1a7
- https://git.kernel.org/stable/c/3cc1116de10953f0265a05d9f351b02a9ec3b497
- https://git.kernel.org/stable/c/6383199ada42d30562b4249c393592a2a9c38165
- https://git.kernel.org/stable/c/b61badd20b443eabe132314669bb51a263982e5c
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html