CVE-2024-36022 Affecting kernel-modules-extra package, versions <0:5.14.0-503.11.1.el9_5


Severity

Recommended
medium

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE9-KERNELMODULESEXTRA-8388475
  • published20 Nov 2024
  • disclosed30 May 2024

Introduced: 30 May 2024

CVE-2024-36022  (opens in a new tab)
First added by Snyk

How to fix?

Upgrade Oracle:9 kernel-modules-extra to version 0:5.14.0-503.11.1.el9_5 or higher.
This issue was patched in ELSA-2024-9315.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-modules-extra package and not the kernel-modules-extra package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Init zone device and drm client after mode-1 reset on reload

In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD, and KFD init waits until the reset is completed. KFD init is called in the reset handler, but in this case, the zone device and drm client is not initialized, causing app to create kernel panic.

v2: Removing the init KFD condition from amdgpu_amdkfd_drm_client_create. As the previous version has the potential of creating DRM client twice.

v3: v2 patch results in SDMA engine hung as DRM open causes VM clear to SDMA before SDMA init. Adding the condition to in drm client creation, on top of v1, to guard against drm client creation call multiple times.

CVSS Scores

version 3.1