CVE-2024-41011

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

Description

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/009c4d78bcf07c4ac2e3dd9f275b4eaa72b4f884 patch
https://git.kernel.org/stable/c/f7276cdc1912325b64c33fcb1361952c06e55f63 patch
https://git.kernel.org/stable/c/8ad4838040e5515939c071a0f511ce2661a0889d patch
https://git.kernel.org/stable/c/89fffbdf535ce659c1a26b51ad62070566e33b28 patch
https://git.kernel.org/stable/c/4b4cff994a27ebf7bd3fb9a798a1cdfa8d01b724 patch
https://git.kernel.org/stable/c/6186c93560889265bfe0914609c274eff40bbeb5 patch
https://git.kernel.org/stable/c/be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 patch

Frequently Asked Questions

What is the severity of CVE-2024-41011?
CVE-2024-41011 has been scored as a high severity vulnerability.
How to fix CVE-2024-41011?
To fix CVE-2024-41011, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-41011 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-41011 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-41011?
CVE-2024-41011 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.