CVE-2024-26817

amdkfd: use calloc instead of kzalloc to avoid integer overflow

Description

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.16%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751 patch
https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0 patch
https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91 patch
https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad patch
https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a patch
https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7 patch
https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a patch
https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-26817?
CVE-2024-26817 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26817?
To fix CVE-2024-26817, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26817 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26817 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26817?
CVE-2024-26817 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.