{"id":"CVE-2024-49989","summary":"drm/amd/display: fix double free issue during amdgpu module unload","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix double free issue during amdgpu module unload\n\nFlexible endpoints use DIGs from available inflexible endpoints,\nso only the encoders of inflexible links need to be freed.\nOtherwise, a double free issue may occur when unloading the\namdgpu module.\n\n[  279.190523] RIP: 0010:__slab_free+0x152/0x2f0\n[  279.190577] Call Trace:\n[  279.190580]  \u003cTASK\u003e\n[  279.190582]  ? show_regs+0x69/0x80\n[  279.190590]  ? die+0x3b/0x90\n[  279.190595]  ? do_trap+0xc8/0xe0\n[  279.190601]  ? do_error_trap+0x73/0xa0\n[  279.190605]  ? __slab_free+0x152/0x2f0\n[  279.190609]  ? exc_invalid_op+0x56/0x70\n[  279.190616]  ? __slab_free+0x152/0x2f0\n[  279.190642]  ? asm_exc_invalid_op+0x1f/0x30\n[  279.190648]  ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[  279.191096]  ? __slab_free+0x152/0x2f0\n[  279.191102]  ? dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[  279.191469]  kfree+0x260/0x2b0\n[  279.191474]  dcn10_link_encoder_destroy+0x19/0x30 [amdgpu]\n[  279.191821]  link_destroy+0xd7/0x130 [amdgpu]\n[  279.192248]  dc_destruct+0x90/0x270 [amdgpu]\n[  279.192666]  dc_destroy+0x19/0x40 [amdgpu]\n[  279.193020]  amdgpu_dm_fini+0x16e/0x200 [amdgpu]\n[  279.193432]  dm_hw_fini+0x26/0x40 [amdgpu]\n[  279.193795]  amdgpu_device_fini_hw+0x24c/0x400 [amdgpu]\n[  279.194108]  amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu]\n[  279.194436]  amdgpu_pci_remove+0x40/0x80 [amdgpu]\n[  279.194632]  pci_device_remove+0x3a/0xa0\n[  279.194638]  device_remove+0x40/0x70\n[  279.194642]  device_release_driver_internal+0x1ad/0x210\n[  279.194647]  driver_detach+0x4e/0xa0\n[  279.194650]  bus_remove_driver+0x6f/0xf0\n[  279.194653]  driver_unregister+0x33/0x60\n[  279.194657]  pci_unregister_driver+0x44/0x90\n[  279.194662]  amdgpu_exit+0x19/0x1f0 [amdgpu]\n[  279.194939]  __do_sys_delete_module.isra.0+0x198/0x2f0\n[  279.194946]  __x64_sys_delete_module+0x16/0x20\n[  279.194950]  do_syscall_64+0x58/0x120\n[  279.194954]  entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[  279.194980]  \u003c/TASK\u003e","modified":"2026-03-20T12:39:30.116503Z","published":"2024-10-21T18:02:32.507Z","related":["MGASA-2024-0344","MGASA-2024-0345","SUSE-SU-2024:4314-1","SUSE-SU-2024:4315-1","SUSE-SU-2024:4316-1","SUSE-SU-2024:4318-1","SUSE-SU-2024:4364-1","SUSE-SU-2024:4376-1","SUSE-SU-2024:4387-1","SUSE-SU-2025:20163-1","SUSE-SU-2025:20164-1","SUSE-SU-2025:20246-1","SUSE-SU-2025:20247-1","USN-7276-1","USN-7277-1","openSUSE-SU-2024:14500-1","openSUSE-SU-2025:14705-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49989.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3c0ff4de45ce2c5f7997a1ffa6eefee4b79e6b58"},{"type":"WEB","url":"https://git.kernel.org/stable/c/43c296870740a3a264cdca9f18db12e12e9cfbdb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7af9e6fa63dbd43a61d4ecc8f59426596a75e507"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cf6f3ebd6312d465fee096d1f58089b177c7c67f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/df948b5ba6858d5da34f622d408e5517057cec07"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49989.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49989"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c"},{"fixed":"43c296870740a3a264cdca9f18db12e12e9cfbdb"},{"fixed":"df948b5ba6858d5da34f622d408e5517057cec07"},{"fixed":"cf6f3ebd6312d465fee096d1f58089b177c7c67f"},{"fixed":"7af9e6fa63dbd43a61d4ecc8f59426596a75e507"},{"fixed":"3c0ff4de45ce2c5f7997a1ffa6eefee4b79e6b58"},{"fixed":"20b5a8f9f4670a8503aa9fa95ca632e77c6bf55d"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49989.json"}}],"schema_version":"1.7.5"}