Bug 2334688 (CVE-2024-56695) - CVE-2024-56695 kernel: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()'
Summary: CVE-2024-56695 kernel: drm/amdkfd: Use dynamic allocation for CU occupancy ar...
Keywords:
Status: NEW
Alias: CVE-2024-56695
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-12-28 10:02 UTC by OSIDB Bzimport
Modified: 2025-03-11 14:09 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-12-28 10:02:42 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()'

The `kfd_get_cu_occupancy` function previously declared a large
`cu_occupancy` array as a local variable, which could lead to stack
overflows due to excessive stack usage. This commit replaces the static
array allocation with dynamic memory allocation using `kcalloc`,
thereby reducing the stack size.

This change avoids the risk of stack overflows in kernel space,  in
scenarios where `AMDGPU_MAX_QUEUES` is large. The  allocated memory is
freed using `kfree` before the function returns  to prevent memory
leaks.

Fixes the below with gcc W=1:
drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c: In function ‘kfd_get_cu_occupancy’:
drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c:322:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=]
  322 | }
      | ^
Comment 1 Avinash Hanwate 2024-12-29 06:05:34 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024122835-CVE-2024-56695-110a@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.