Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' The `kfd_get_cu_occupancy` function previously declared a large `cu_occupancy` array as a local variable, which could lead to stack overflows due to excessive stack usage. This commit replaces the static array allocation with dynamic memory allocation using `kcalloc`, thereby reducing the stack size. This change avoids the risk of stack overflows in kernel space, in scenarios where `AMDGPU_MAX_QUEUES` is large. The allocated memory is freed using `kfree` before the function returns to prevent memory leaks. Fixes the below with gcc W=1: drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c: In function ‘kfd_get_cu_occupancy’: drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c:322:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=] 322 | } | ^
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.12, < 6.12.2 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/6d9f07196389f35a3afebcf1a12c1425725cadddMailing ListPatch
- https://git.kernel.org/stable/c/922f0e00017b09d9d47e3efac008c8b20ed546a0Mailing ListPatch
FAQ
What is CVE-2024-56695?
CVE-2024-56695 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' The `kfd_get_cu_occupancy` function previous...
How severe is CVE-2024-56695?
CVE-2024-56695 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-56695?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.