CVE-2024-36949

low-risk

Published 2024-05-30

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call takes time to finish. other device will start reset and recover without waiting. if the process has not been evicted before doing recover, it will be restored, then caused page fault.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

LOCAL / HIGH complexity

Affected Products (4)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58

Patch https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d

Patch https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14

Patch https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58

Patch https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d

Patch https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14

/ 100

low-risk

Severity 12/34 · Low

Exploitability 0/34 · Minimal

Exposure 10/34 · Low