
CVE-2024-50221: Vulnerability in Linux (Linux kernel)

Severity: High
Type: Vulnerability (CVE-2024-50221)
Published: Sat Nov 09 2024 (11/09/2024, 10:14:32 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: Vangogh: Fix kernel memory out of bounds write

KASAN reports that the GPU metrics table allocated in vangogh_tables_init() is not large enough for the memset done in smu_cmn_init_soft_gpu_metrics(). Condensed report follows:

[ 33.861314] BUG: KASAN: slab-out-of-bounds in smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu]
[ 33.861799] Write of size 168 at addr ffff888129f59500 by task mangoapp/1067
...
[ 33.861808] CPU: 6 UID: 1000 PID: 1067 Comm: mangoapp Tainted: G W 6.12.0-rc4 #356 1a56f59a8b5182eeaf67eb7cb8b13594dd23b544
[ 33.861816] Tainted: [W]=WARN
[ 33.861818] Hardware name: Valve Galileo/Galileo, BIOS F7G0107 12/01/2023
[ 33.861822] Call Trace:
[ 33.861826] <TASK>
[ 33.861829] dump_stack_lvl+0x66/0x90
[ 33.861838] print_report+0xce/0x620
[ 33.861853] kasan_report+0xda/0x110
[ 33.862794] kasan_check_range+0xfd/0x1a0
[ 33.862799] __asan_memset+0x23/0x40
[ 33.862803] smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]
[ 33.863306] vangogh_get_gpu_metrics_v2_4+0x123/0xad0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]
[ 33.864257] vangogh_common_get_gpu_metrics+0xb0c/0xbc0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]
[ 33.865682] amdgpu_dpm_get_gpu_metrics+0xcc/0x110 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]
[ 33.866160] amdgpu_get_gpu_metrics+0x154/0x2d0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]
[ 33.867135] dev_attr_show+0x43/0xc0
[ 33.867147] sysfs_kf_seq_show+0x1f1/0x3b0
[ 33.867155] seq_read_iter+0x3f8/0x1140
[ 33.867173] vfs_read+0x76c/0xc50
[ 33.867198] ksys_read+0xfb/0x1d0
[ 33.867214] do_syscall_64+0x90/0x160
...
[ 33.867353] Allocated by task 378 on cpu 7 at 22.794876s:
[ 33.867358] kasan_save_stack+0x33/0x50
[ 33.867364] kasan_save_track+0x17/0x60
[ 33.867367] __kasan_kmalloc+0x87/0x90
[ 33.867371] vangogh_init_smc_tables+0x3f9/0x840 [amdgpu]
[ 33.867835] smu_sw_init+0xa32/0x1850 [amdgpu]
[ 33.868299] amdgpu_device_init+0x467b/0x8d90 [amdgpu]
[ 33.868733] amdgpu_driver_load_kms+0x19/0xf0 [amdgpu]
[ 33.869167] amdgpu_pci_probe+0x2d6/0xcd0 [amdgpu]
[ 33.869608] local_pci_probe+0xda/0x180
[ 33.869614] pci_device_probe+0x43f/0x6b0

Empirically we can confirm that the former allocates 152 bytes for the table, while the latter memsets the 168 large block.

Root cause appears that when GPU metrics tables for v2_4 parts were added it was not considered to enlarge the table to fit.

The fix in this patch is rather "brute force" and perhaps later should be done in a smarter way, by extracting and consolidating the part version to size logic to a common helper, instead of brute forcing the largest possible allocation. Nevertheless, for now this works and fixes the out of bounds write.

v2:
* Drop impossible v3_0 case. (Mario)

(cherry picked from commit 0880f58f9609f0200483a49429af0f050d281703)

AI-Powered Analysis

Last updated: 07/02/2025, 23:27:41 UTC

Technical Analysis

CVE-2024-50221 is a high-severity vulnerability in the Linux kernel's AMD GPU driver, specifically affecting the 'drm/amd/pm' module for the Vangogh GPU architecture. The root cause is a kernel memory out-of-bounds write due to an insufficiently sized GPU metrics table allocated in the function vangogh_tables_init(). The vulnerability occurs because the table is allocated with 152 bytes, but a subsequent memset operation in smu_cmn_init_soft_gpu_metrics() writes 168 bytes, leading to a buffer overflow. This flaw was detected by Kernel Address Sanitizer (KASAN), which reported slab-out-of-bounds writes during GPU metrics initialization. The out-of-bounds write can corrupt kernel memory, potentially leading to system instability, crashes, or escalation of privileges. The vulnerability is classified under CWE-787 (Out-of-bounds Write). The fix applied is a brute-force increase in the allocation size to accommodate the larger memset operation, with plans for a more refined solution in the future. The vulnerability requires local privileges (low privilege required) but no user interaction, and it affects Linux kernel versions containing the vulnerable AMDGPU driver code for Vangogh GPUs. The CVSS 3.1 score is 7.8 (high), reflecting high impact on confidentiality, integrity, and availability due to the potential for kernel memory corruption and privilege escalation. No known exploits are currently reported in the wild.
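A userland model of the size mismatch described in the commit message and the analysis above, added here as an illustration and not code from the kernel or the patch: it shows both the consolidated version-to-size helper the commit message proposes and the "largest possible allocation" the patch used, with a bounds check in the init step instead of an unchecked memset. The table sizes are constructed stand-ins (152 and 168 are the figures the KASAN report gives; the v2_3 value is a placeholder), and every enum, array and function name is an assumption, not a kernel identifier.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in sizes: 152 and 168 are the figures from the KASAN
 * report, the v2_3 value is a placeholder, and no name here is a kernel one. */
enum metrics_version { METRICS_V2_2, METRICS_V2_3, METRICS_V2_4, METRICS_VERSION_COUNT };
static const size_t metrics_table_size[METRICS_VERSION_COUNT] = {
    [METRICS_V2_2] = 152,   /* what the original code allocated */
    [METRICS_V2_3] = 160,   /* placeholder */
    [METRICS_V2_4] = 168,   /* what the memset actually wrote */
};

/* The consolidated helper the commit message proposes: one place that maps
 * a part version to its table size. Returns 0 for an unknown version. */
size_t metrics_size_for(int version) {
    if (version < 0 || version >= METRICS_VERSION_COUNT)
        return 0;
    return metrics_table_size[version];
}

/* The "brute force" sizing the patch applied: the largest table any
 * supported version can need, so every later init fits. */
size_t metrics_max_size(void) {
    size_t max = 0;
    for (int v = 0; v < METRICS_VERSION_COUNT; v++)
        if (metrics_table_size[v] > max)
            max = metrics_table_size[v];
    return max;
}

/* Model of the init step: clear the table for the requested version, but
 * refuse when the allocation is too small rather than write past its end.
 * Returns 0 on success, -1 where the kernel code hit slab-out-of-bounds. */
int init_soft_metrics(void *table, size_t alloc_size, int version) {
    size_t need = metrics_size_for(version);
    if (need == 0 || need > alloc_size)
        return -1;
    memset(table, 0, need);
    return 0;
}

/* Allocate alloc_size bytes and run the v2_4 init against that table:
 * metrics_size_for(METRICS_V2_2) reproduces the bug (-1),
 * metrics_max_size() reproduces the fix (0). */
int run_v2_4_init(size_t alloc_size) {
    void *table = malloc(alloc_size);
    int rc = table ? init_soft_metrics(table, alloc_size, METRICS_V2_4) : -1;
    free(table);
    return rc;
}
```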

Potential Impact

For European organizations, this vulnerability poses a significant risk, particularly to systems running Linux kernels with AMD Vangogh GPUs, which are common in workstations, servers, and embedded devices. Exploitation could allow local attackers or malicious applications to corrupt kernel memory, potentially leading to privilege escalation, unauthorized access to sensitive data, or denial of service through system crashes. This is especially critical for organizations relying on Linux-based infrastructure for critical operations, including government agencies, financial institutions, and technology companies. The vulnerability could also affect cloud service providers and data centers in Europe that use AMD GPUs for compute workloads, potentially impacting multi-tenant environments. Given the requirement for local access, the threat is higher in environments where users have shell access or where untrusted code execution is possible. The absence of known exploits reduces the immediate risk, but patching is urgent to prevent future exploitation.

Mitigation Recommendations

European organizations should promptly apply the Linux kernel patches that address CVE-2024-50221 once available from their Linux distribution vendors. Until patches are deployed, organizations should restrict local access to systems with AMD Vangogh GPUs, enforce strict user privilege separation, and monitor for unusual kernel errors or crashes indicative of exploitation attempts. Security teams should audit systems to identify vulnerable kernel versions and affected hardware. Employing kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and enabling kernel lockdown features can reduce the likelihood of exploitation. Additionally, organizations should review and limit software that can execute with local privileges, especially untrusted or third-party applications. For cloud environments, isolate GPU-enabled instances and monitor for anomalous behavior. Coordination with Linux distribution maintainers to receive timely updates is critical. Finally, organizations should incorporate this vulnerability into their vulnerability management and incident response plans.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.973Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdf58f

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 7/2/2025, 11:27:41 PM

Last updated: 8/14/2025, 12:33:52 AM
