CVE-2024-57921

5.5 MEDIUM

📋 TL;DR

A race condition vulnerability in the AMD GPU driver for Linux allows concurrent access to the buddy allocator's trim function, potentially causing system hangs or crashes. This affects Linux systems with AMD graphics hardware when running multi-display configurations with concurrent GPU-intensive applications like YouTube videos and Steam games.

💻 Affected Systems

Products:
  • Linux kernel with AMD GPU driver (amdgpu)
Versions: Linux kernel versions containing the vulnerable amdgpu driver code before the fix commit 3318ba94e56b9183d0304577c74b33b6b01ce516
Operating Systems: Linux distributions with affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires AMD GPU hardware, multi-display configuration, and concurrent GPU-intensive applications. Most impactful on gaming/workstation systems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: System becomes completely unresponsive (hard hang) requiring hard reboot, potentially causing data loss or corruption.

🟠 Likely Case: System instability, application crashes, or temporary freezes when running GPU-intensive applications concurrently on multi-display setups.

🟢 If Mitigated: Minor performance impact from lock contention but stable system operation.

🌐 Internet-Facing: LOW - This is a local kernel driver vulnerability requiring local access and specific GPU usage patterns.
🏢 Internal Only: MEDIUM - Affects workstations and gaming systems with AMD GPUs running Linux, particularly those used for development, gaming, or multimedia work.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and specific usage patterns (concurrent GPU-intensive applications). This appears to be a reliability/stability issue rather than a security bypass.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 3318ba94e56b9183d0304577c74b33b6b01ce516 or later

Vendor Advisory: https://git.kernel.org/stable/c/758e3c3054b65336cf0c5f240221f63b4fb98478

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commit.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Avoid concurrent GPU-intensive applications

linux

Prevent triggering the race condition by avoiding simultaneous YouTube video playback and Steam gaming or other GPU-intensive tasks.

Use single display configuration

linux

Disable multi-display setups to reduce likelihood of triggering the race condition.

🧯 If You Can't Patch

  • Avoid running concurrent GPU-intensive applications (YouTube + Steam games simultaneously)
  • Consider using single display configuration instead of multi-display setups

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if amdgpu module is loaded: 'uname -r' and 'lsmod | grep amdgpu'

Check Version:

uname -r

Verify Fix Applied:

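Check that the kernel source contains the fix commit: 'git log --no-abbrev-commit --oneline | grep 3318ba94e56b9183d0304577c74b33b6b01ce516' (run inside the git tree the kernel was built from; '--no-abbrev-commit' is needed because '--oneline' alone prints abbreviated hashes, which the full hash never matches), or verify kernel version is after the fix was merged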

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing 'general protection fault' with amddrm_buddy in call trace
  • System hang/crash events when running GPU-intensive applications

SIEM Query:

source="kernel" AND (("general protection fault" AND "amddrm_buddy") OR ("amdgpu" AND ("hang" OR "crash")))
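
The first log indicator above, turned into a check over kernel log text (an added example, not part of the original advisory or the kernel project). It reports only "general protection fault" oopses whose RIP or stack lines carry the [amddrm_buddy] module tag, so the "Modules linked in:" list that every oops prints does not cause a match. The sample log, its symbol names and example_mod are constructed.

```shell
#!/bin/sh
# Added example. Reads kernel log text on stdin and prints the header line of
# each "general protection fault" oops whose stack lines name [amddrm_buddy].
buddy_gpf_events() {
    awk '
        # New oops: flush the previous one if the log cut it short.
        /general protection fault/ {
            if (in_oops && hit) print hdr
            in_oops = 1; hit = 0; hdr = $0
            next
        }
        # Stack and RIP lines tag the owning module in brackets; the
        # "Modules linked in:" list does not, so it never sets hit.
        in_oops && /\[amddrm_buddy\]/ { hit = 1 }
        # End-of-oops marker closes the block.
        in_oops && /---\[ end trace/ {
            if (hit) print hdr
            in_oops = 0; hit = 0
        }
        # A hard hang can truncate the log before the end marker.
        END { if (in_oops && hit) print hdr }
    '
}

# Constructed sample log (symbol names and example_mod are made up).
sample_log() {
    cat <<'EOF'
[  100.000001] amddrm_buddy: loading out-of-tree module taints kernel.
[  200.000001] general protection fault, probably for non-canonical address 0x0: 0000 [#1] PREEMPT SMP NOPTI
[  200.000002] Modules linked in: amddrm_buddy amdgpu example_mod
[  200.000003] RIP: 0010:example_alloc+0x0/0x0 [amddrm_buddy]
[  200.000004] Call Trace:
[  200.000005]  example_trim+0x0/0x0 [amddrm_buddy]
[  200.000006] ---[ end trace 0000000000000000 ]---
[  300.000001] general protection fault, probably for non-canonical address 0x0: 0000 [#2] PREEMPT SMP NOPTI
[  300.000002] Modules linked in: amddrm_buddy amdgpu example_mod
[  300.000003] RIP: 0010:example_fn+0x0/0x0 [example_mod]
[  300.000004] ---[ end trace 0000000000000000 ]---
[  400.000001] general protection fault, probably for non-canonical address 0x0: 0000 [#3] PREEMPT SMP NOPTI
[  400.000002]  example_trim+0x0/0x0 [amddrm_buddy]
EOF
}

sample_log | buddy_gpf_events
```

On a real system, pipe `journalctl -k -b -1` into `buddy_gpf_events` to inspect the boot that hung.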
