CVE-2024-50221

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 9, 2024
Updated: Nov 13, 2024
CWE ID 787

Summary

In the Linux kernel's drm/amd/pm driver, an out-of-bounds memory write, reported by KASAN, has been identified and resolved. The GPU metrics table allocated in vangogh_tables_init() is too small for the memset operation performed in smu_cmn_init_soft_gpu_metrics(). The oversight came from adding GPU metrics tables for v2_4 parts without considering the need to enlarge the table. This vulnerability allowed a task, mangoapp, to write to an unintended memory location. The patch addresses the issue with a "brute force" fix, but a more elegant solution is recommended for future enhancements.
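The bug class described above, as an added userspace example that is not the kernel's code or the actual patch: a table sized for an older metrics layout, an allocation sized for the largest layout, and an initializer that checks the requested size before its memset. All struct and function names here are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for two versions of a metrics layout; the real
 * kernel structures differ. The newer version is the larger one. */
struct hdr { unsigned short size; unsigned char format_rev, content_rev; };
struct metrics_v2_3 { struct hdr h; unsigned int vals[16]; };
struct metrics_v2_4 { struct hdr h; unsigned int vals[24]; };

struct metrics_table { void *buf; size_t capacity; };

/* Undersized shape: capacity covers only the older layout. */
int table_init_old_only(struct metrics_table *t) {
    t->capacity = sizeof(struct metrics_v2_3);
    t->buf = calloc(1, t->capacity);
    return t->buf ? 0 : -1;
}

/* Capacity covers the largest layout the initializer may be asked for. */
int table_init_largest(struct metrics_table *t) {
    size_t a = sizeof(struct metrics_v2_3), b = sizeof(struct metrics_v2_4);
    t->capacity = a > b ? a : b;
    t->buf = calloc(1, t->capacity);
    return t->buf ? 0 : -1;
}

/* Initializer that checks the requested size against the allocation
 * before the memset, so a mismatch is an error instead of a CWE-787 write. */
int metrics_init_checked(struct metrics_table *t, size_t want, unsigned char content_rev) {
    struct hdr *h = t->buf;
    if (!t->buf || want < sizeof(*h) || want > t->capacity)
        return -1;
    memset(t->buf, 0xff, want);
    h->size = (unsigned short)want;
    h->format_rev = 2;
    h->content_rev = content_rev;
    return 0;
}

int main(void) {
    struct metrics_table small, big;
    if (table_init_old_only(&small) || table_init_largest(&big)) return 1;
    printf("v2_4 into old-only table: %d\n", metrics_init_checked(&small, sizeof(struct metrics_v2_4), 4));
    printf("v2_4 into largest table:  %d\n", metrics_init_checked(&big, sizeof(struct metrics_v2_4), 4));
    free(small.buf); free(big.buf);
    return 0;
}
```

Carrying the allocation size alongside the buffer is what lets the initializer reject a layout the table was never sized for.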
