GPU Command Processing Memory Corruption Vulnerability in AMD Radeon Software
CVE-2024-38421 Published on November 4, 2024
Use After Free in Graphics Linux
Memory corruption while processing GPU commands.
Vulnerability Analysis
CVE-2024-38421 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2024-38421 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2024-38421
stack.watch emails you whenever new vulnerabilities are published in Google Android or AMD Radeon Software. Just hit a watch button to start following.
Affected Versions
Qualcomm, Inc. Snapdragon:- Version FastConnect 6200 is affected.
- Version FastConnect 7800 is affected.
- Version QAM8255P is affected.
- Version QAM8295P is affected.
- Version QAM8620P is affected.
- Version QAM8650P is affected.
- Version QAM8775P is affected.
- Version QAMSRV1H is affected.
- Version QAMSRV1M is affected.
- Version QCA6391 is affected.
- Version QCA6574 is affected.
- Version QCA6574A is affected.
- Version QCA6574AU is affected.
- Version QCA6595 is affected.
- Version QCA6595AU is affected.
- Version QCA6678AQ is affected.
- Version QCA6688AQ is affected.
- Version QCA6696 is affected.
- Version QCA6698AQ is affected.
- Version QCA6797AQ is affected.
- Version QCM6125 is affected.
- Version QCS6125 is affected.
- Version QCS6490 is affected.
- Version QCS7230 is affected.
- Version QCS8250 is affected.
- Version Qualcomm Video Collaboration VC1 Platform is affected.
- Version Qualcomm Video Collaboration VC3 Platform is affected.
- Version Qualcomm Video Collaboration VC5 Platform is affected.
- Version SA6155P is affected.
- Version SA7255P is affected.
- Version SA7775P is affected.
- Version SA8155P is affected.
- Version SA8195P is affected.
- Version SA8255P is affected.
- Version SA8295P is affected.
- Version SA8620P is affected.
- Version SA8650P is affected.
- Version SA8770P is affected.
- Version SA8775P is affected.
- Version SA9000P is affected.
- Version SM4635 is affected.
- Version SM8635 is affected.
- Version SM8750 is affected.
- Version SM8750P is affected.
- Version Snapdragon 4 Gen 1 Mobile Platform is affected.
- Version Snapdragon 480 5G Mobile Platform is affected.
- Version Snapdragon 480+ 5G Mobile Platform (SM4350-AC) is affected.
- Version Snapdragon 695 5G Mobile Platform is affected.
- Version Snapdragon 8 Gen 3 Mobile Platform is affected.
- Version Snapdragon W5+ Gen 1 Wearable Platform is affected.
- Version SRV1H is affected.
- Version SRV1L is affected.
- Version SRV1M is affected.
- Version SW5100 is affected.
- Version SW5100P is affected.
- Version WCD9370 is affected.
- Version WCD9375 is affected.
- Version WCD9378 is affected.
- Version WCD9385 is affected.
- Version WCD9390 is affected.
- Version WCD9395 is affected.
- Version WCN3950 is affected.
- Version WCN3980 is affected.
- Version WCN3988 is affected.
- Version WCN6755 is affected.
- Version WCN7860 is affected.
- Version WCN7861 is affected.
- Version WCN7880 is affected.
- Version WCN7881 is affected.
- Version WSA8810 is affected.
- Version WSA8815 is affected.
- Version WSA8830 is affected.
- Version WSA8832 is affected.
- Version WSA8835 is affected.
- Version WSA8840 is affected.
- Version WSA8845 is affected.
- Version WSA8845H is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
- Before and including * is affected.
Exploit Probability
EPSS
0.21%
Percentile
43.04%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.