Resource Injection Affecting kernel-modules-extra package, versions <0:4.18.0-553.22.1.el8_10
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS8-KERNELMODULESEXTRA-7512268
- published 17 Jul 2024
- disclosed 16 Jul 2024
Introduced: 16 Jul 2024
CVE-2024-41008 Open this link in a new tabHow to fix?
Upgrade Centos:8 kernel-modules-extra to version 0:4.18.0-553.22.1.el8_10 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-modules-extra package and not the kernel-modules-extra package as distributed by Centos.
See How to fix? for Centos:8 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: change vm->task_info handling
This patch changes the handling and lifecycle of vm->task_info object. The major changes are:
- vm->task_info is a dynamically allocated ptr now, and its uasge is reference counted.
- introducing two new helper funcs for task_info lifecycle management
- amdgpu_vm_get_task_info: reference counts up task_info before returning this info
- amdgpu_vm_put_task_info: reference counts down task_info
- last put to task_info() frees task_info from the vm.
This patch also does logistical changes required for existing usage of vm->task_info.
V2: Do not block all the prints when task_info not found (Felix)
V3: Fixed review comments from Felix
- Fix wrong indentation
- No debug message for -ENOMEM
- Add NULL check for task_info
- Do not duplicate the debug messages (ti vs no ti)
- Get first reference of task_info in vm_init(), put last in vm_fini()
V4: Fixed review comments from Felix
- fix double reference increment in create_task_info
- change amdgpu_vm_get_task_info_pasid
- additional changes in amdgpu_gem.c while porting