CVE-2024-57920
Linux Debian vulnerability analysis and mitigation

Overview

CVE-2024-57920 affects the Linux kernel's AMD Kernel Fusion Driver (AMDKFD). kfd_process_wq_release() signals an eviction fence by calling dma_fence_signal(), which warns if the dma_fence is NULL. kfd_process->ef is initialized by kfd_process_device_init_vm() through an ioctl, so the fence is NULL for a newly created kfd_process, and closing a kfd_process right after opening it triggers the warning (NVD, Kernel Git).

Technical details

The issue occurs in the Linux kernel's DRM (Direct Rendering Manager) subsystem, specifically in the AMDKFD driver. The vulnerability manifests when kfd_process_wq_release() attempts to signal an eviction fence using dma_fence_signal() without first checking whether the fence exists. The bug was fixed by adding a conditional check so that the eviction fence is signaled only when it is available. The fix was implemented in commit 2774ef7625adb5fb9e9265c26a59dca7b8fd171e and later cherry-picked to stable branches (Kernel Git).

Impact

The vulnerability results in a kernel warning when a kfd_process is closed immediately after being opened, due to attempting to signal a NULL fence. While this primarily manifests as a warning message in the kernel log, it indicates improper error handling that could potentially lead to system instability (NVD).

Mitigation and workarounds

The issue has been fixed in the Linux kernel by adding a conditional check before signaling the eviction fence. The patch ensures that dma_fence_signal() is only called when the fence pointer (ef) is not NULL. Users should update to a kernel version that includes the fix from commit 2774ef7625adb5fb9e9265c26a59dca7b8fd171e (Kernel Git).
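
The check described above, shown as an added user-space model that is not the kernel source or the actual patch: the struct and function names are hypothetical stand-ins, and a counter stands in for the warning written to the kernel log.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: every name here is a hypothetical stand-in. */
struct model_fence { bool signaled; };
struct model_process { struct model_fence *ef; }; /* NULL until VM init */
static int warn_count; /* stands in for WARN reports in the kernel log */

/* Signaling a NULL fence warns, as the page describes. */
static int model_fence_signal(struct model_fence *f) {
    if (!f) {
        warn_count++;
        return -1;
    }
    f->signaled = true;
    return 0;
}

/* Before the fix: release signals unconditionally. */
static void release_unpatched(struct model_process *p) {
    model_fence_signal(p->ef);
}

/* After the fix: signal only when the fence is available. */
static void release_patched(struct model_process *p) {
    if (p->ef)
        model_fence_signal(p->ef);
}

/* Open then close with no ioctl in between; returns warnings raised. */
static int open_close_warnings(void (*release)(struct model_process *)) {
    struct model_process p = { .ef = NULL };
    warn_count = 0;
    release(&p);
    return warn_count;
}

/* VM init ran first, so the fence exists; returns whether close signaled it. */
static bool init_close_signals(void (*release)(struct model_process *)) {
    struct model_fence f = { .signaled = false };
    struct model_process p = { .ef = &f };
    release(&p);
    return f.signaled;
}

int main(void) {
    printf("unpatched: %d warning(s)\n", open_close_warnings(release_unpatched));
    printf("patched:   %d warning(s)\n", open_close_warnings(release_patched));
    printf("signaled after init: %d\n", init_close_signals(release_patched));
    return 0;
}
```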

This report was generated using AI.

Related Linux Debian vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-11266 | MEDIUM | 6.8 | Linux Debian | gdcm | No | No | Dec 12, 2025 |
| CVE-2025-67897 | MEDIUM | 5.3 | Linux Debian | rust-sequoia-openpgp | No | Yes | Dec 14, 2025 |
| CVE-2025-14607 | MEDIUM | 5.3 | Linux Debian | dcmtk | No | No | Dec 13, 2025 |
| CVE-2025-67749 | MEDIUM | 5.3 | Linux Debian | pcsx2 | No | No | Dec 12, 2025 |
| CVE-2025-40345 | N/A | N/A | Linux Kernel | bpftool | No | Yes | Dec 12, 2025 |