CVE-2024-35795

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35795
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-35795.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-35795
Downstream
Related
Published
2024-05-17T13:23:06Z
Modified
2025-10-17T04:55:45.067776Z
Summary
drm/amdgpu: fix deadlock while reading mqd from debugfs
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix deadlock while reading mqd from debugfs

An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after those lines are printed (although I wasn't able to reproduce that part when reading by hand):

[ 1318.016074][ T1082] ====================================================== [ 1318.016607][ T1082] WARNING: possible circular locking dependency detected [ 1318.017107][ T1082] 6.8.0-rc7-00015-ge0c8221b72c0 #17 Not tainted [ 1318.017598][ T1082] ------------------------------------------------------ [ 1318.018096][ T1082] tar/1082 is trying to acquire lock: [ 1318.018585][ T1082] ffff98c44175d6a0 (&mm->mmaplock){++++}-{3:3}, at: _mightfault+0x40/0x80 [ 1318.019084][ T1082] [ 1318.019084][ T1082] but task is already holding lock: [ 1318.020052][ T1082] ffff98c4c13f55f8 (reservationwwclassmutex){+.+.}-{3:3}, at: amdgpudebugfsmqdread+0x6a/0x250 [amdgpu] [ 1318.020607][ T1082] [ 1318.020607][ T1082] which lock already depends on the new lock. [ 1318.020607][ T1082] [ 1318.022081][ T1082] [ 1318.022081][ T1082] the existing dependency chain (in reverse order) is: [ 1318.023083][ T1082] [ 1318.023083][ T1082] -> #2 (reservationwwclassmutex){+.+.}-{3:3}: [ 1318.024114][ T1082] _wwmutexlock.constprop.0+0xe0/0x12f0 [ 1318.024639][ T1082] wwmutexlock+0x32/0x90 [ 1318.025161][ T1082] dmaresvlockdep+0x18a/0x330 [ 1318.025683][ T1082] dooneinitcall+0x6a/0x350 [ 1318.026210][ T1082] kernelinitfreeable+0x1a3/0x310 [ 1318.026728][ T1082] kernelinit+0x15/0x1a0 [ 1318.027242][ T1082] retfromfork+0x2c/0x40 [ 1318.027759][ T1082] retfromforkasm+0x11/0x20 [ 1318.028281][ T1082] [ 1318.028281][ T1082] -> #1 (reservationwwclassacquire){+.+.}-{0:0}: [ 1318.029297][ T1082] dmaresvlockdep+0x16c/0x330 [ 1318.029790][ T1082] dooneinitcall+0x6a/0x350 [ 1318.030263][ T1082] kernelinitfreeable+0x1a3/0x310 [ 1318.030722][ T1082] kernelinit+0x15/0x1a0 [ 1318.031168][ T1082] retfromfork+0x2c/0x40 [ 1318.031598][ T1082] retfromforkasm+0x11/0x20 [ 1318.032011][ T1082] [ 1318.032011][ T1082] -> #0 (&mm->mmaplock){++++}-{3:3}: [ 1318.032778][ T1082] _lockacquire+0x14bf/0x2680 [ 1318.033141][ T1082] lockacquire+0xcd/0x2c0 [ 1318.033487][ T1082] _mightfault+0x58/0x80 [ 1318.033814][ T1082] amdgpudebugfsmqdread+0x103/0x250 [amdgpu] [ 1318.034181][ T1082] fullproxyread+0x55/0x80 [ 1318.034487][ T1082] vfsread+0xa7/0x360 [ 1318.034788][ T1082] ksysread+0x70/0xf0 [ 1318.035085][ T1082] dosyscall64+0x94/0x180 [ 1318.035375][ T1082] entrySYSCALL64afterhwframe+0x46/0x4e [ 1318.035664][ T1082] [ 1318.035664][ T1082] other info that might help us debug this: [ 1318.035664][ T1082] [ 1318.036487][ T1082] Chain exists of: [ 1318.036487][ T1082] &mm->mmaplock --> reservationwwclassacquire --> reservationwwclassmutex [ 1318.036487][ T1082] [ 1318.037310][ T1082] Possible unsafe locking scenario: [ 1318.037310][ T1082] [ 1318.037838][ T1082] CPU0 CPU1 [ 1318.038101][ T1082] ---- ---- [ 1318.038350][ T1082] lock(reservationwwclassmutex); [ 1318.038590][ T1082] lock(reservationwwclassacquire); [ 1318.038839][ T1082] lock(reservationwwclassmutex); [ 1318.039083][ T1082] rlock(&mm->mmaplock); [ 1318.039328][ T1082] [ 1318.039328][ T1082] * DEADLOCK * [ 1318.039328][ T1082] [ 1318.040029][ T1082] 1 lock held by tar/1082: [ 1318.040259][ T1082] #0: ffff98c4c13f55f8 (reservationwwclassmutex){+.+.}-{3:3}, at: amdgpudebugfsmqdread+0x6a/0x250 [amdgpu] [ 1318.040560][ T1082] [ 1318.040560][ T1082] stack backtrace: [ ---truncated---

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
445d85e3c1dfd8c45b24be6f1527f1e117256d0e
Fixed
197f6d6987c55860f6eea1c93e4f800c59078874
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
445d85e3c1dfd8c45b24be6f1527f1e117256d0e
Fixed
8b03556da6e576c62664b6cd01809e4a09d53b5b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
445d85e3c1dfd8c45b24be6f1527f1e117256d0e
Fixed
4687e3c6ee877ee25e57b984eca00be53b9a8db5
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
445d85e3c1dfd8c45b24be6f1527f1e117256d0e
Fixed
8678b1060ae2b75feb60b87e5b75e17374e3c1c5

Affected versions

v6.*

v6.3
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.10
v6.7.11
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.7.7
v6.7.8
v6.7.9
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.9-rc1

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "145721147458125715800497377500144582193",
                "286907998892922863685168567491004897170",
                "162551889987318711258030453047537078811",
                "143473717480909101241065511882041577151",
                "212542470618880761989253445887418976392",
                "188623117175629271865418477924288723853",
                "136594791049552043326895470228205302546",
                "316764134935636653581520740918327087373",
                "266913946516582848198946386244058519800",
                "264710150108171676656119745493422339472",
                "132720230608542502499462408184660254302",
                "8876943962047218429446997647996943780",
                "176146358856659816500811734444707437613",
                "70584960633912635266996152250933861302",
                "60340557225674897286544669271157260996",
                "100054897525603249946556340978248094361",
                "110510851213399989389248842380655351504",
                "257628091856892654090738868479724821033",
                "318423955586603313931236379795292598437",
                "318140353855235961899830892845384080261",
                "220488906413895836728586773456634384214",
                "18237540891499389553989051309382499742",
                "258037584005481781392561609077721174410",
                "237140740494104680315743509346000196851",
                "310153520753821139900796866839427364312",
                "79622887266649688817426356939197433727",
                "319508789466672789798161476545058419711",
                "259116898405334759764895738103624851067",
                "19001395690807986001434477152271046904",
                "254186706681926384940448889664100148277",
                "315187116173227106872523605823680478123",
                "213248354395864900244886917360295582282",
                "186850757081200767458653722527950200674",
                "210972767885406126306290250648096374745",
                "53968300360849497147528035787055355247"
            ]
        },
        "target": {
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@197f6d6987c55860f6eea1c93e4f800c59078874",
        "id": "CVE-2024-35795-4020648f"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "145721147458125715800497377500144582193",
                "286907998892922863685168567491004897170",
                "162551889987318711258030453047537078811",
                "143473717480909101241065511882041577151",
                "212542470618880761989253445887418976392",
                "188623117175629271865418477924288723853",
                "136594791049552043326895470228205302546",
                "316764134935636653581520740918327087373",
                "266913946516582848198946386244058519800",
                "264710150108171676656119745493422339472",
                "132720230608542502499462408184660254302",
                "8876943962047218429446997647996943780",
                "176146358856659816500811734444707437613",
                "70584960633912635266996152250933861302",
                "60340557225674897286544669271157260996",
                "100054897525603249946556340978248094361",
                "110510851213399989389248842380655351504",
                "257628091856892654090738868479724821033",
                "318423955586603313931236379795292598437",
                "318140353855235961899830892845384080261",
                "220488906413895836728586773456634384214",
                "18237540891499389553989051309382499742",
                "258037584005481781392561609077721174410",
                "237140740494104680315743509346000196851",
                "310153520753821139900796866839427364312",
                "79622887266649688817426356939197433727",
                "319508789466672789798161476545058419711",
                "259116898405334759764895738103624851067",
                "19001395690807986001434477152271046904",
                "254186706681926384940448889664100148277",
                "315187116173227106872523605823680478123",
                "213248354395864900244886917360295582282",
                "186850757081200767458653722527950200674",
                "210972767885406126306290250648096374745",
                "53968300360849497147528035787055355247"
            ]
        },
        "target": {
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4687e3c6ee877ee25e57b984eca00be53b9a8db5",
        "id": "CVE-2024-35795-63fdef1f"
    },
    {
        "digest": {
            "length": 774.0,
            "function_hash": "195113986615175121629639366678839800371"
        },
        "target": {
            "function": "amdgpu_debugfs_mqd_read",
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8678b1060ae2b75feb60b87e5b75e17374e3c1c5",
        "id": "CVE-2024-35795-a076ff9b"
    },
    {
        "digest": {
            "length": 774.0,
            "function_hash": "195113986615175121629639366678839800371"
        },
        "target": {
            "function": "amdgpu_debugfs_mqd_read",
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@197f6d6987c55860f6eea1c93e4f800c59078874",
        "id": "CVE-2024-35795-a722d5b6"
    },
    {
        "digest": {
            "length": 774.0,
            "function_hash": "195113986615175121629639366678839800371"
        },
        "target": {
            "function": "amdgpu_debugfs_mqd_read",
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b03556da6e576c62664b6cd01809e4a09d53b5b",
        "id": "CVE-2024-35795-bb343f57"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "145721147458125715800497377500144582193",
                "286907998892922863685168567491004897170",
                "162551889987318711258030453047537078811",
                "143473717480909101241065511882041577151",
                "212542470618880761989253445887418976392",
                "188623117175629271865418477924288723853",
                "136594791049552043326895470228205302546",
                "316764134935636653581520740918327087373",
                "266913946516582848198946386244058519800",
                "264710150108171676656119745493422339472",
                "132720230608542502499462408184660254302",
                "8876943962047218429446997647996943780",
                "176146358856659816500811734444707437613",
                "70584960633912635266996152250933861302",
                "60340557225674897286544669271157260996",
                "100054897525603249946556340978248094361",
                "110510851213399989389248842380655351504",
                "257628091856892654090738868479724821033",
                "318423955586603313931236379795292598437",
                "318140353855235961899830892845384080261",
                "220488906413895836728586773456634384214",
                "18237540891499389553989051309382499742",
                "258037584005481781392561609077721174410",
                "237140740494104680315743509346000196851",
                "310153520753821139900796866839427364312",
                "79622887266649688817426356939197433727",
                "319508789466672789798161476545058419711",
                "259116898405334759764895738103624851067",
                "19001395690807986001434477152271046904",
                "254186706681926384940448889664100148277",
                "315187116173227106872523605823680478123",
                "213248354395864900244886917360295582282",
                "186850757081200767458653722527950200674",
                "210972767885406126306290250648096374745",
                "53968300360849497147528035787055355247"
            ]
        },
        "target": {
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b03556da6e576c62664b6cd01809e4a09d53b5b",
        "id": "CVE-2024-35795-e051f119"
    },
    {
        "digest": {
            "length": 774.0,
            "function_hash": "195113986615175121629639366678839800371"
        },
        "target": {
            "function": "amdgpu_debugfs_mqd_read",
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4687e3c6ee877ee25e57b984eca00be53b9a8db5",
        "id": "CVE-2024-35795-e662ba2f"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "145721147458125715800497377500144582193",
                "286907998892922863685168567491004897170",
                "162551889987318711258030453047537078811",
                "143473717480909101241065511882041577151",
                "212542470618880761989253445887418976392",
                "188623117175629271865418477924288723853",
                "136594791049552043326895470228205302546",
                "316764134935636653581520740918327087373",
                "266913946516582848198946386244058519800",
                "264710150108171676656119745493422339472",
                "132720230608542502499462408184660254302",
                "8876943962047218429446997647996943780",
                "176146358856659816500811734444707437613",
                "70584960633912635266996152250933861302",
                "60340557225674897286544669271157260996",
                "100054897525603249946556340978248094361",
                "110510851213399989389248842380655351504",
                "257628091856892654090738868479724821033",
                "318423955586603313931236379795292598437",
                "318140353855235961899830892845384080261",
                "220488906413895836728586773456634384214",
                "18237540891499389553989051309382499742",
                "258037584005481781392561609077721174410",
                "237140740494104680315743509346000196851",
                "310153520753821139900796866839427364312",
                "79622887266649688817426356939197433727",
                "319508789466672789798161476545058419711",
                "259116898405334759764895738103624851067",
                "19001395690807986001434477152271046904",
                "254186706681926384940448889664100148277",
                "315187116173227106872523605823680478123",
                "213248354395864900244886917360295582282",
                "186850757081200767458653722527950200674",
                "210972767885406126306290250648096374745",
                "53968300360849497147528035787055355247"
            ]
        },
        "target": {
            "file": "drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8678b1060ae2b75feb60b87e5b75e17374e3c1c5",
        "id": "CVE-2024-35795-e7bf2e68"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.6.24
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.12
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.8.3