Updated: 2026-02-27 02:41:14.535722
Description:
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue during amdgpu module unload Flexible endpoints use DIGs from available inflexible endpoints, so only the encoders of inflexible links need to be freed. Otherwise, a double free issue may occur when unloading the amdgpu module. [ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0 [ 279.190577] Call Trace: [ 279.190580] <TASK> [ 279.190582] ? show_regs+0x69/0x80 [ 279.190590] ? die+0x3b/0x90 [ 279.190595] ? do_trap+0xc8/0xe0 [ 279.190601] ? do_error_trap+0x73/0xa0 [ 279.190605] ? __slab_free+0x152/0x2f0 [ 279.190609] ? exc_invalid_op+0x56/0x70 [ 279.190616] ? __slab_free+0x152/0x2f0 [ 279.190642] ? asm_exc_invalid_op+0x1f/0x30 [ 279.190648] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191096] ? __slab_free+0x152/0x2f0 [ 279.191102] ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191469] kfree+0x260/0x2b0 [ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191821] link_destroy+0xd7/0x130 [amdgpu] [ 279.192248] dc_destruct+0x90/0x270 [amdgpu] [ 279.192666] dc_destroy+0x19/0x40 [amdgpu] [ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu] [ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu] [ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu] [ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu] [ 279.194436] amdgpu_pci_remove+0x40/0x80 [amdgpu] [ 279.194632] pci_device_remove+0x3a/0xa0 [ 279.194638] device_remove+0x40/0x70 [ 279.194642] device_release_driver_internal+0x1ad/0x210 [ 279.194647] driver_detach+0x4e/0xa0 [ 279.194650] bus_remove_driver+0x6f/0xf0 [ 279.194653] driver_unregister+0x33/0x60 [ 279.194657] pci_unregister_driver+0x44/0x90 [ 279.194662] amdgpu_exit+0x19/0x1f0 [amdgpu] [ 279.194939] __do_sys_delete_module.isra.0+0x198/0x2f0 [ 279.194946] __x64_sys_delete_module+0x16/0x20 [ 279.194950] do_syscall_64+0x58/0x120 [ 279.194954] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 279.194980] </TASK>
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1743193221 | 2024-11-18 16:32:36 | |
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2024-11-06 13:30:43 | ||
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2024-11-06 13:30:43 | Not affected: this bug exists only in the AMDGPU Display Core (drm/amd/display) path that introduced... | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2024-11-06 13:30:43 | Not affected: the double‑free occurs only in AMD Display (drm/amd/display) builds that implement f... | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | 2024-11-06 13:30:43 | Not affected: the double‑free occurs only in AMD Display (drm/amd/display) builds that implement f... | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2024:1731431756 | 2024-11-12 13:31:57 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2024-11-06 13:30:43 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2024-11-06 13:30:43 | Not affected: this bug exists only in the AMDGPU Display Core (drm/amd/display) path that introduced... | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | 2024-11-06 13:30:43 | ||
| Oracle Linux 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | 2025-05-12 04:24:51 | Not affected: this bug exists only in the AMDGPU Display Core (drm/amd/display) path that introduced... |