[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-26656":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":76,"related":77,"reserved_at":9,"published_at":87,"modified_at":88,"state":89,"summary":90,"references_raw":99,"kevs":126,"epss":127,"epss_history":130,"metrics":376,"affected":382},"CVE-2024-26656","In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix use-after-free bug\n\nThe bug can be triggered by sending a single amdgpu_gem_userptr_ioctl\nto the AMDGPU DRM driver on any ASICs with an invalid address and size.\nThe bug was reported by Joonkyo Jung \u003Cjoonkyoj@yonsei.ac.kr>.\nFor example the following code:\n\nstatic void Syzkaller1(int fd)\n{\n\tstruct drm_amdgpu_gem_userptr arg;\n\tint ret;\n\n\targ.addr = 0xffffffffffff0000;\n\targ.size = 0x80000000; /*2 Gb*/\n\targ.flags = 0x7;\n\tret = drmIoctl(fd, 0xc1186451/*amdgpu_gem_userptr_ioctl*/, &arg);\n}\n\nDue to the address and size are not valid there is a failure in\namdgpu_hmm_register->mmu_interval_notifier_insert->__mmu_interval_notifier_insert->\ncheck_shl_overflow, but we even the amdgpu_hmm_register failure we still call\namdgpu_hmm_unregister into  amdgpu_gem_object_free which causes access to a bad address.\nThe following stack is below when the issue is reproduced when Kazan is enabled:\n\n[  +0.000014] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[  +0.000009] RIP: 0010:mmu_interval_notifier_remove+0x327/0x340\n[  +0.000017] Code: ff ff 49 89 44 24 08 48 b8 00 01 00 00 00 00 ad de 4c 89 f7 49 89 47 40 48 83 c0 22 49 89 47 48 e8 ce d1 2d 01 e9 32 ff ff ff \u003C0f> 0b e9 16 ff ff ff 4c 89 ef e8 fa 14 b3 ff e9 36 ff ff ff e8 80\n[  +0.000014] RSP: 0018:ffffc90002657988 EFLAGS: 00010246\n[  +0.000013] RAX: 0000000000000000 RBX: 1ffff920004caf35 RCX: ffffffff8160565b\n[  +0.000011] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8881a9f78260\n[  +0.000010] RBP: ffffc90002657a70 R08: 0000000000000001 R09: fffff520004caf25\n[  +0.000010] R10: 0000000000000003 R11: ffffffff8161d1d6 R12: ffff88810e988c00\n[  +0.000010] R13: ffff888126fb5a00 R14: ffff88810e988c0c R15: ffff8881a9f78260\n[  +0.000011] FS:  00007ff9ec848540(0000) GS:ffff8883cc880000(0000) knlGS:0000000000000000\n[  +0.000012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  +0.000010] CR2: 000055b3f7e14328 CR3: 00000001b5770000 CR4: 0000000000350ef0\n[  +0.000010] Call Trace:\n[  +0.000006]  \u003CTASK>\n[  +0.000007]  ? show_regs+0x6a/0x80\n[  +0.000018]  ? __warn+0xa5/0x1b0\n[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340\n[  +0.000018]  ? report_bug+0x24a/0x290\n[  +0.000022]  ? handle_bug+0x46/0x90\n[  +0.000015]  ? exc_invalid_op+0x19/0x50\n[  +0.000016]  ? asm_exc_invalid_op+0x1b/0x20\n[  +0.000017]  ? kasan_save_stack+0x26/0x50\n[  +0.000017]  ? mmu_interval_notifier_remove+0x23b/0x340\n[  +0.000019]  ? mmu_interval_notifier_remove+0x327/0x340\n[  +0.000019]  ? mmu_interval_notifier_remove+0x23b/0x340\n[  +0.000020]  ? __pfx_mmu_interval_notifier_remove+0x10/0x10\n[  +0.000017]  ? kasan_save_alloc_info+0x1e/0x30\n[  +0.000018]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? __kasan_kmalloc+0xb1/0xc0\n[  +0.000018]  ? srso_return_thunk+0x5/0x5f\n[  +0.000013]  ? __kasan_check_read+0x11/0x20\n[  +0.000020]  amdgpu_hmm_unregister+0x34/0x50 [amdgpu]\n[  +0.004695]  amdgpu_gem_object_free+0x66/0xa0 [amdgpu]\n[  +0.004534]  ? __pfx_amdgpu_gem_object_free+0x10/0x10 [amdgpu]\n[  +0.004291]  ? do_syscall_64+0x5f/0xe0\n[  +0.000023]  ? srso_return_thunk+0x5/0x5f\n[  +0.000017]  drm_gem_object_free+0x3b/0x50 [drm]\n[  +0.000489]  amdgpu_gem_userptr_ioctl+0x306/0x500 [amdgpu]\n[  +0.004295]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004270]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? __this_cpu_preempt_check+0x13/0x20\n[  +0.000015]  ? srso_return_thunk+0x5/0x5f\n[  +0.000013]  ? sysvec_apic_timer_interrupt+0x57/0xc0\n[  +0.000020]  ? srso_return_thunk+0x5/0x5f\n[  +0.000014]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20\n[  +0.000022]  ? drm_ioctl_kernel+0x17b/0x1f0 [drm]\n[  +0.000496]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004272]  ? drm_ioctl_kernel+0x190/0x1f0 [drm]\n[  +0.000492]  drm_ioctl_kernel+0x140/0x1f0 [drm]\n[  +0.000497]  ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu]\n[  +0.004297]  ? __pfx_drm_ioctl_kernel+0x10/0x10 [d\n---truncated---",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74],{"_key":25},"SUSE-SU-2024:1644-1",{"_key":27},"SUSE-SU-2024:1659-1",{"_key":29},"SUSE-SU-2024:2203-1",{"_key":31},"SUSE-SU-2024:1663-1",{"_key":33},"SUSE-SU-2024:2135-1",{"_key":35},"SUSE-SU-2024:2973-1",{"_key":37},"DLA-4193-1",{"_key":39},"DSA-5900-1",{"_key":41},"SUSE-SU-2025:20008-1",{"_key":43},"MGASA-2024-0141",{"_key":45},"MGASA-2024-0142",{"_key":47},"DEBIAN-CVE-2024-26656",{"_key":49},"RHSA-2024:4740",{"_key":51},"RHSA-2024:9497",{"_key":53},"RHSA-2024:9498",{"_key":55},"RHSA-2024:9500",{"_key":57},"RHSA-2024:9546",{"_key":59},"RHSA-2024:4211",{"_key":61},"RHSA-2024:4352",{"_key":63},"RHSA-2024:9315",{"_key":65},"UBUNTU-CVE-2024-26656",{"_key":67},"USN-6816-1",{"_key":69},"USN-6817-1",{"_key":71},"USN-6817-2",{"_key":73},"USN-6817-3",{"_key":75},"USN-6878-1",[],[78,79,80,81,82,83,84,85,86],{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":41},{"_key":43},{"_key":45},"2024-04-02T06:08:43.558Z","2026-05-11T20:01:37.568Z","Modified",{"cisa_kev":91,"cisa_ransomware":91,"cisa_vendor":9,"epss_severity":92,"epss_score":93,"severity":94,"severity_score":95,"severity_version":96,"severity_source":97,"severity_vector":98,"severity_status":89},false,"low",0.00011,"medium",5.5,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[100,105,110,114,118,122],{"url":101,"sources":102,"tags":104},"https://git.kernel.org/stable/c/2e13f88e01ae7e28a7e831bf5c2409c4748e0a60",[103,97],"cve.org",[],{"url":106,"sources":107,"tags":108},"https://git.kernel.org/stable/c/e87e08c94c9541b4e18c4c13f2f605935f512605",[103,97],[109],"Patch",{"url":111,"sources":112,"tags":113},"https://git.kernel.org/stable/c/af054a5fb24a144f99895afce9519d709891894c",[103,97],[109],{"url":115,"sources":116,"tags":117},"https://git.kernel.org/stable/c/22f665ecfd1225afa1309ace623157d12bb9bb0c",[103,97],[109],{"url":119,"sources":120,"tags":121},"https://git.kernel.org/stable/c/22207fd5c80177b860279653d017474b2812af5e",[103,97],[109],{"url":123,"sources":124,"tags":125},"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html",[103,97],[],[],{"date":128,"score":93,"percentile":129},"2026-06-03",0.01459,[131,135,138,141,144,147,149,152,155,158,161,164,167,169,172,176,179,182,185,188,191,194,197,200,203,205,207,209,212,215,217,219,222,225,228,231,234,237,240,242,244,246,249,251,253,256,259,261,264,267,270,272,275,277,279,281,283,285,288,291,293,295,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,344,347,349,352,354,356,359,362,365,368,370,373],{"date":132,"score":133,"percentile":134},"2025-11-04",0.00012,0.0119,{"date":136,"score":133,"percentile":137},"2025-11-05",0.0121,{"date":139,"score":133,"percentile":140},"2025-11-06",0.01221,{"date":142,"score":133,"percentile":143},"2025-11-07",0.01223,{"date":145,"score":133,"percentile":146},"2025-11-08",0.01226,{"date":148,"score":133,"percentile":143},"2025-11-09",{"date":150,"score":133,"percentile":151},"2025-11-10",0.01213,{"date":153,"score":133,"percentile":154},"2025-11-11",0.01218,{"date":156,"score":133,"percentile":157},"2025-11-12",0.01219,{"date":159,"score":133,"percentile":160},"2025-11-13",0.01224,{"date":162,"score":133,"percentile":163},"2025-11-14",0.01238,{"date":165,"score":133,"percentile":166},"2025-11-15",0.01254,{"date":168,"score":133,"percentile":166},"2025-11-16",{"date":170,"score":133,"percentile":171},"2025-11-17",0.01245,{"date":173,"score":174,"percentile":175},"2025-11-18",0.00088,0.21316,{"date":177,"score":174,"percentile":178},"2025-11-19",0.21328,{"date":180,"score":174,"percentile":181},"2025-11-20",0.21301,{"date":183,"score":133,"percentile":184},"2025-11-21",0.01295,{"date":186,"score":133,"percentile":187},"2025-11-22",0.01292,{"date":189,"score":133,"percentile":190},"2025-11-23",0.01281,{"date":192,"score":133,"percentile":193},"2025-11-24",0.01274,{"date":195,"score":133,"percentile":196},"2025-11-25",0.01268,{"date":198,"score":133,"percentile":199},"2025-11-26",0.01207,{"date":201,"score":133,"percentile":202},"2025-11-27",0.01205,{"date":204,"score":133,"percentile":137},"2025-11-28",{"date":206,"score":133,"percentile":171},"2025-11-29",{"date":208,"score":133,"percentile":166},"2025-11-30",{"date":210,"score":133,"percentile":211},"2025-12-01",0.0128,{"date":213,"score":133,"percentile":214},"2025-12-02",0.01276,{"date":216,"score":133,"percentile":211},"2025-12-03",{"date":218,"score":133,"percentile":166},"2025-12-04",{"date":220,"score":133,"percentile":221},"2025-12-05",0.0127,{"date":223,"score":133,"percentile":224},"2025-12-06",0.01273,{"date":226,"score":133,"percentile":227},"2025-12-07",0.01271,{"date":229,"score":133,"percentile":230},"2025-12-08",0.01272,{"date":232,"score":133,"percentile":233},"2025-12-09",0.01284,{"date":235,"score":133,"percentile":236},"2025-12-10",0.01296,{"date":238,"score":133,"percentile":239},"2025-12-11",0.01287,{"date":241,"score":133,"percentile":239},"2025-12-12",{"date":243,"score":133,"percentile":224},"2025-12-13",{"date":245,"score":133,"percentile":227},"2025-12-14",{"date":247,"score":133,"percentile":248},"2025-12-15",0.01269,{"date":250,"score":133,"percentile":193},"2025-12-16",{"date":252,"score":133,"percentile":193},"2025-12-17",{"date":254,"score":133,"percentile":255},"2025-12-18",0.01262,{"date":257,"score":133,"percentile":258},"2025-12-19",0.01266,{"date":260,"score":133,"percentile":258},"2025-12-20",{"date":262,"score":133,"percentile":263},"2025-12-21",0.01277,{"date":265,"score":133,"percentile":266},"2025-12-22",0.01278,{"date":268,"score":133,"percentile":269},"2025-12-23",0.01279,{"date":271,"score":133,"percentile":211},"2025-12-24",{"date":273,"score":133,"percentile":274},"2025-12-25",0.01283,{"date":276,"score":133,"percentile":233},"2025-12-26",{"date":278,"score":133,"percentile":211},"2025-12-27",{"date":280,"score":133,"percentile":269},"2025-12-28",{"date":282,"score":133,"percentile":227},"2025-12-29",{"date":284,"score":133,"percentile":258},"2025-12-30",{"date":286,"score":133,"percentile":287},"2025-12-31",0.01265,{"date":289,"score":133,"percentile":290},"2026-01-01",0.01286,{"date":292,"score":133,"percentile":211},"2026-01-02",{"date":294,"score":133,"percentile":274},"2026-01-03",{"date":296,"score":133,"percentile":166},"2026-01-04",{"date":298,"score":93,"percentile":299},"2026-01-05",0.01035,{"date":301,"score":93,"percentile":302},"2026-01-06",0.01031,{"date":304,"score":93,"percentile":305},"2026-01-07",0.01033,{"date":307,"score":93,"percentile":308},"2026-01-08",0.01043,{"date":310,"score":93,"percentile":311},"2026-01-09",0.01057,{"date":313,"score":93,"percentile":314},"2026-01-10",0.01062,{"date":316,"score":93,"percentile":317},"2026-01-11",0.0106,{"date":319,"score":93,"percentile":320},"2026-01-12",0.01065,{"date":322,"score":93,"percentile":323},"2026-01-13",0.01063,{"date":325,"score":93,"percentile":326},"2026-01-14",0.01061,{"date":328,"score":93,"percentile":329},"2026-01-15",0.01073,{"date":331,"score":93,"percentile":332},"2026-01-16",0.01078,{"date":334,"score":93,"percentile":335},"2026-01-17",0.0108,{"date":337,"score":93,"percentile":338},"2026-01-18",0.01093,{"date":340,"score":93,"percentile":341},"2026-01-19",0.0109,{"date":343,"score":93,"percentile":335},"2026-01-20",{"date":345,"score":93,"percentile":346},"2026-01-21",0.01076,{"date":348,"score":93,"percentile":335},"2026-01-22",{"date":350,"score":93,"percentile":351},"2026-01-23",0.01092,{"date":353,"score":93,"percentile":341},"2026-01-24",{"date":355,"score":93,"percentile":341},"2026-01-25",{"date":357,"score":93,"percentile":358},"2026-01-26",0.01091,{"date":360,"score":93,"percentile":361},"2026-01-27",0.01083,{"date":363,"score":93,"percentile":364},"2026-01-28",0.01082,{"date":366,"score":93,"percentile":367},"2026-01-29",0.01088,{"date":369,"score":93,"percentile":351},"2026-01-30",{"date":371,"score":93,"percentile":372},"2026-01-31",0.01104,{"date":374,"score":93,"percentile":375},"2026-02-01",0.01127,[377],{"source":97,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":378,"cvss_v4_0":9},{"baseScore":95,"baseSeverity":379,"vectorString":98,"impactScore":380,"exploitabilityScore":381},"MEDIUM",6,4.6,[383,409],{"ecosystem":9,"name":384,"vendor":385,"product":385,"cpe_part":386,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":387},"Linux","linux","a",[388,395,398,401,404,407],{"version":389,"is_range":390,"range_type":103,"version_start":391,"version_start_type":392,"version_end":393,"version_end_type":394,"fixed_in":9},">= d38ceaf99ed015f2a0b9af3499791bd3a3daae21, \u003C 2e13f88e01ae7e28a7e831bf5c2409c4748e0a60",true,"d38ceaf99ed015f2a0b9af3499791bd3a3daae21","including","2e13f88e01ae7e28a7e831bf5c2409c4748e0a60","excluding",{"version":396,"is_range":390,"range_type":103,"version_start":391,"version_start_type":392,"version_end":397,"version_end_type":394,"fixed_in":9},">= d38ceaf99ed015f2a0b9af3499791bd3a3daae21, \u003C e87e08c94c9541b4e18c4c13f2f605935f512605","e87e08c94c9541b4e18c4c13f2f605935f512605",{"version":399,"is_range":390,"range_type":103,"version_start":391,"version_start_type":392,"version_end":400,"version_end_type":394,"fixed_in":9},">= d38ceaf99ed015f2a0b9af3499791bd3a3daae21, \u003C af054a5fb24a144f99895afce9519d709891894c","af054a5fb24a144f99895afce9519d709891894c",{"version":402,"is_range":390,"range_type":103,"version_start":391,"version_start_type":392,"version_end":403,"version_end_type":394,"fixed_in":9},">= d38ceaf99ed015f2a0b9af3499791bd3a3daae21, \u003C 22f665ecfd1225afa1309ace623157d12bb9bb0c","22f665ecfd1225afa1309ace623157d12bb9bb0c",{"version":405,"is_range":390,"range_type":103,"version_start":391,"version_start_type":392,"version_end":406,"version_end_type":394,"fixed_in":9},">= d38ceaf99ed015f2a0b9af3499791bd3a3daae21, \u003C 22207fd5c80177b860279653d017474b2812af5e","22207fd5c80177b860279653d017474b2812af5e",{"version":408,"is_range":91,"range_type":103,"version_start":408,"version_start_type":392,"version_end":408,"version_end_type":392,"fixed_in":9},"4.2",{"ecosystem":9,"name":410,"vendor":385,"product":411,"cpe_part":412,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":413},"linux kernel","linux_kernel","o",[414],{"version":415,"is_range":390,"range_type":416,"version_start":9,"version_start_type":9,"version_end":417,"version_end_type":394,"fixed_in":9},"lt6.9","cpe","6.9"]