CVE-2024-56551

Source
https://cve.org/CVERecord?id=CVE-2024-56551
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56551.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56551
Published
2024-12-27T14:22:53.318Z
Modified
2026-03-11T07:53:09.640206Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
drm/amdgpu: fix usage slab after free
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: fix usage slab after free

[ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]
[ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147

[ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1
[ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020
[ +0.000016] Call Trace:
[ +0.000008] <TASK>
[ +0.000009] dump_stack_lvl+0x76/0xa0
[ +0.000017] print_report+0xce/0x5f0
[ +0.000017] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]
[ +0.000019] ? srso_return_thunk+0x5/0x5f
[ +0.000015] ? kasan_complete_mode_report_info+0x72/0x200
[ +0.000016] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]
[ +0.000019] kasan_report+0xbe/0x110
[ +0.000015] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]
[ +0.000023] __asan_report_load8_noabort+0x14/0x30
[ +0.000014] drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]
[ +0.000020] ? srso_return_thunk+0x5/0x5f
[ +0.000013] ? __kasan_check_write+0x14/0x30
[ +0.000016] ? __pfx_drm_sched_entity_flush+0x10/0x10 [gpu_sched]
[ +0.000020] ? srso_return_thunk+0x5/0x5f
[ +0.000013] ? __kasan_check_write+0x14/0x30
[ +0.000013] ? srso_return_thunk+0x5/0x5f
[ +0.000013] ? enable_work+0x124/0x220
[ +0.000015] ? __pfx_enable_work+0x10/0x10
[ +0.000013] ? srso_return_thunk+0x5/0x5f
[ +0.000014] ? free_large_kmalloc+0x85/0xf0
[ +0.000016] drm_sched_entity_destroy+0x18/0x30 [gpu_sched]
[ +0.000020] amdgpu_vce_sw_fini+0x55/0x170 [amdgpu]
[ +0.000735] ? __kasan_check_read+0x11/0x20
[ +0.000016] vce_v4_0_sw_fini+0x80/0x110 [amdgpu]
[ +0.000726] amdgpu_device_fini_sw+0x331/0xfc0 [amdgpu]
[ +0.000679] ? mutex_unlock+0x80/0xe0
[ +0.000017] ? __pfx_amdgpu_device_fini_sw+0x10/0x10 [amdgpu]
[ +0.000662] ? srso_return_thunk+0x5/0x5f
[ +0.000014] ? __kasan_check_write+0x14/0x30
[ +0.000013] ? srso_return_thunk+0x5/0x5f
[ +0.000013] ? mutex_unlock+0x80/0xe0
[ +0.000016] amdgpu_driver_release_kms+0x16/0x80 [amdgpu]
[ +0.000663] drm_minor_release+0xc9/0x140 [drm]
[ +0.000081] drm_release+0x1fd/0x390 [drm]
[ +0.000082] __fput+0x36c/0xad0
[ +0.000018] __fput_sync+0x3c/0x50
[ +0.000014] __x64_sys_close+0x7d/0xe0
[ +0.000014] x64_sys_call+0x1bc6/0x2680
[ +0.000014] do_syscall_64+0x70/0x130
[ +0.000014] ? srso_return_thunk+0x5/0x5f
[ +0.000014] ? irqentry_exit_to_user_mode+0x60/0x190
[ +0.000015] ? srso_return_thunk+0x5/0x5f
[ +0.000014] ? irqentry_exit+0x43/0x50
[ +0.000012] ? srso_return_thunk+0x5/0x5f
[ +0.000013] ? exc_page_fault+0x7c/0x110
[ +0.000015] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ +0.000014] RIP: 0033:0x7ffff7b14f67
[ +0.000013] Code: ff e8 0d 16 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 ba f7 ff
[ +0.000026] RSP: 002b:00007fffffffe378 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ +0.000019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffff7b14f67
[ +0.000014] RDX: 0000000000000000 RSI: 00007ffff7f6f47a RDI: 0000000000000003
[ +0.000014] RBP: 00007fffffffe3a0 R08: 0000555555569890 R09: 0000000000000000
[ +0.000014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffffffe5c8
[ +0.000013] R13: 00005555555552a9 R14: 0000555555557d48 R15: 00007ffff7ffd040
[ +0.000020] </TASK>

[ +0.000016] Allocated by task 383 on cpu 7 at 26.880319s:
[ +0.000014] kasan_save_stack+0x28/0x60
[ +0.000008] kasan_save_track+0x18/0x70
[ +0.000007] kasan_save_alloc_info+0x38/0x60
[ +0.000007] __kasan_kmalloc+0xc1/0xd0
[ +0.000007] kmalloc_trace_noprof+0x180/0x380
[ +0.000007] drm_sched_init+0x411/0xec0 [gpu_sched]
[ +0.000012] amdgpu_device_init+0x695f/0xa610 [amdgpu]
[ +0.000658] amdgpu_driver_load_kms+0x1a/0x120 [amdgpu]
[ +0.000662] amdgpu_pci_p ---truncated---

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56551.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d38ceaf99ed015f2a0b9af3499791bd3a3daae21
Fixed
3cc1116de10953f0265a05d9f351b02a9ec3b497
Fixed
05b1b33936b71e5f189a813a517f72e8a27fcb2f
Fixed
3990ef742c064e22189b954522930db04fc6b1a7
Fixed
6383199ada42d30562b4249c393592a2a9c38165
Fixed
b61badd20b443eabe132314669bb51a263982e5c

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56551.json"