CVE-2024-57921: Vulnerability in Linux Linux

High
Published: Sun Jan 19 2025 (01/19/2025, 11:52:40 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Add a lock when accessing the buddy trim function

When running YouTube videos and Steam games simultaneously, the tester found a system hang / race condition issue with the multi-display configuration setting. Adding a lock to the buddy allocator's trim function would be the solution.

<log snip>
[ 7197.250436] general protection fault, probably for non-canonical address 0xdead000000000108
[ 7197.250447] RIP: 0010:__alloc_range+0x8b/0x340 [amddrm_buddy]
[ 7197.250470] Call Trace:
[ 7197.250472] <TASK>
[ 7197.250475] ? show_regs+0x6d/0x80
[ 7197.250481] ? die_addr+0x37/0xa0
[ 7197.250483] ? exc_general_protection+0x1db/0x480
[ 7197.250488] ? drm_suballoc_new+0x13c/0x93d [drm_suballoc_helper]
[ 7197.250493] ? asm_exc_general_protection+0x27/0x30
[ 7197.250498] ? __alloc_range+0x8b/0x340 [amddrm_buddy]
[ 7197.250501] ? __alloc_range+0x109/0x340 [amddrm_buddy]
[ 7197.250506] amddrm_buddy_block_trim+0x1b5/0x260 [amddrm_buddy]
[ 7197.250511] amdgpu_vram_mgr_new+0x4f5/0x590 [amdgpu]
[ 7197.250682] amdttm_resource_alloc+0x46/0xb0 [amdttm]
[ 7197.250689] ttm_bo_alloc_resource+0xe4/0x370 [amdttm]
[ 7197.250696] amdttm_bo_validate+0x9d/0x180 [amdttm]
[ 7197.250701] amdgpu_bo_pin+0x15a/0x2f0 [amdgpu]
[ 7197.250831] amdgpu_dm_plane_helper_prepare_fb+0xb2/0x360 [amdgpu]
[ 7197.251025] ? try_wait_for_completion+0x59/0x70
[ 7197.251030] drm_atomic_helper_prepare_planes.part.0+0x2f/0x1e0
[ 7197.251035] drm_atomic_helper_prepare_planes+0x5d/0x70
[ 7197.251037] drm_atomic_helper_commit+0x84/0x160
[ 7197.251040] drm_atomic_nonblocking_commit+0x59/0x70
[ 7197.251043] drm_mode_atomic_ioctl+0x720/0x850
[ 7197.251047] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[ 7197.251049] drm_ioctl_kernel+0xb9/0x120
[ 7197.251053] ? srso_alias_return_thunk+0x5/0xfbef5
[ 7197.251056] drm_ioctl+0x2d4/0x550
[ 7197.251058] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[ 7197.251063] amdgpu_drm_ioctl+0x4e/0x90 [amdgpu]
[ 7197.251186] __x64_sys_ioctl+0xa0/0xf0
[ 7197.251190] x64_sys_call+0x143b/0x25c0
[ 7197.251193] do_syscall_64+0x7f/0x180
[ 7197.251197] ? srso_alias_return_thunk+0x5/0xfbef5
[ 7197.251199] ? amdgpu_display_user_framebuffer_create+0x215/0x320 [amdgpu]
[ 7197.251329] ? drm_internal_framebuffer_create+0xb7/0x1a0
[ 7197.251332] ? srso_alias_return_thunk+0x5/0xfbef5

(cherry picked from commit 3318ba94e56b9183d0304577c74b33b6b01ce516)

AI-Powered Analysis

Last updated: 06/28/2025, 08:56:50 UTC

Technical Analysis

CVE-2024-57921 is a vulnerability identified in the Linux kernel's AMD GPU driver subsystem, specifically within the drm/amdgpu module. The issue arises from a race condition related to the buddy allocator's trim function, which manages memory allocation for GPU resources. When running concurrent GPU-intensive workloads, such as playing YouTube videos and Steam games simultaneously on a multi-display setup, the system may experience hangs or general protection faults due to improper synchronization. The root cause is the lack of a locking mechanism when accessing the buddy trim function, leading to concurrent access issues and potential corruption of memory management structures. The vulnerability manifests as a system hang or crash, with kernel logs showing a general protection fault in __alloc_range in the amddrm_buddy module, reached through amddrm_buddy_block_trim. The fix involves adding a lock to the buddy allocator's trim function to prevent race conditions and ensure thread-safe memory management. This vulnerability affects Linux kernel versions containing the specified commit (4a5ad08f537703c35cf7cc29845381805c891d9b) and potentially other versions using the affected amdgpu driver code. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability impacts the confidentiality, integrity, and availability of systems by causing denial of service through system hangs or crashes during GPU resource allocation under multi-display and multi-application workloads.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux with AMD GPUs, especially those used in environments requiring multi-display setups and concurrent GPU-intensive applications, such as media production, gaming, or scientific visualization. The system hangs or crashes could lead to denial of service, disrupting business operations, causing data loss, or impacting service availability. Organizations relying on Linux-based workstations or servers with AMD GPUs for critical tasks may experience productivity losses and increased support costs. Although this vulnerability does not appear to allow privilege escalation or direct data leakage, the instability it causes can indirectly affect system integrity and availability. Given the widespread use of Linux in enterprise environments across Europe, particularly in technology, research, and media sectors, the impact could be significant if unpatched systems are exposed to workloads triggering this race condition. However, the lack of known exploits and the requirement for specific multi-display and concurrent GPU usage scenarios somewhat limit the immediate risk.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize updating their Linux kernels to versions that include the patch adding the necessary locking mechanism to the amdgpu buddy allocator's trim function. Kernel updates should be applied promptly, especially on systems with AMD GPUs used in multi-display or GPU-intensive environments. Organizations should audit their Linux systems to identify those running affected kernel versions and AMD GPU drivers. Until patches are applied, minimizing concurrent GPU workloads that involve multi-display configurations can reduce the likelihood of triggering the race condition. Additionally, monitoring system logs for signs of GPU-related kernel faults or hangs can help detect attempts to exploit this issue. For environments where immediate patching is not feasible, consider isolating affected systems or limiting user access to GPU-intensive applications. Engaging with Linux distribution vendors for backported patches and security advisories is also recommended to ensure timely remediation.
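The log monitoring recommended above can key on the fault signature shown in the description's trace. The following is an added example, not code from this advisory or from the kernel project: it parses `dmesg`-style text, the sample log is constructed from the page's trace, and the function names and the in-tree `drm_buddy` spelling of the page's `amddrm_buddy` module are assumptions that generalize beyond the logged case.

```python
import re

# Constructed sample (dmesg format): shortened copy of the page's trace, then an unrelated fault.
SAMPLE = """\
[ 7197.250436] general protection fault, probably for non-canonical address 0xdead000000000108
[ 7197.250447] RIP: 0010:__alloc_range+0x8b/0x340 [amddrm_buddy]
[ 7197.250470] Call Trace:
[ 7197.250498] ? __alloc_range+0x8b/0x340 [amddrm_buddy]
[ 7197.250506] amddrm_buddy_block_trim+0x1b5/0x260 [amddrm_buddy]
[ 7197.250511] amdgpu_vram_mgr_new+0x4f5/0x590 [amdgpu]
[ 7300.000001] general protection fault, probably for non-canonical address 0xdead000000000100
[ 7300.000002] RIP: 0010:example_fn+0x10/0x40 [example_mod]
[ 7300.000004] example_caller+0x20/0x80 [example_mod]
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")
RIP = re.compile(r"^RIP: [0-9a-f]+:([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
# amddrm_buddy is the module name in the page's log; drm_buddy is the assumed in-tree name.
BUDDY = re.compile(r"^(amd)?drm_buddy$")
TRIM = re.compile(r"^(amd)?drm_buddy_block_trim$")

def parse_faults(text):
    """Group kernel log lines into fault events with their RIP and reliable frames."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2).strip()
        if msg.startswith("general protection fault"):
            events.append({"ts": ts, "rip": None, "frames": []})
        elif events:
            ev = events[-1]
            if (r := RIP.match(msg)) and ev["rip"] is None:
                ev["rip"] = (r.group(1), r.group(2))
            elif (f := FRAME.match(msg)) and not f.group(1):
                # frames prefixed "? " are unreliable stack leftovers, so skip them
                ev["frames"].append((f.group(2), f.group(3)))
    return events

def matches_cve_2024_57921(ev):
    """Fault inside the buddy allocator, reached through its block trim function."""
    rip_mod = ev["rip"][1] if ev["rip"] else ""
    return bool(BUDDY.match(rip_mod or "")) and any(TRIM.match(s) for s, _ in ev["frames"])

def scan(text):
    """Return the timestamps of faults that match the advisory's signature."""
    return [ev["ts"] for ev in parse_faults(text) if matches_cve_2024_57921(ev)]
```

Feed `scan()` the output of `dmesg` on hosts with AMD GPUs; a returned timestamp marks a host to prioritize for the kernel update.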

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-01-19T11:50:08.375Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9823c4522896dcbdea4c

Added to database: 5/21/2025, 9:08:51 AM

Last enriched: 6/28/2025, 8:56:50 AM

Last updated: 8/4/2025, 12:33:29 AM