CVE-2024-27400: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move
on same heap. The basic problem here is that after the move the old
location is simply not available any more.
Some fixes were suggested, but essentially we should call the move
notification before actually moving things because only this way we have
the correct order for DMA-buf and VM move notifications as well.
Also rework the statistic handling so that we don't update the eviction
counter before the move.
v2: add missing NULL check
Security readout for executives and security teams
Plain-English summary
CVE-2024-27400 is a Linux kernel amdgpu issue involving how GPU memory move notifications are ordered. The public record says the bug has been resolved, but it does not provide CVSS, impact class, or exploitation evidence. Treat it as a kernel maintenance priority for systems using AMD GPU drivers.
Executive priority
Moderate operational priority, with urgency dependent on AMDGPU exposure. There is no cited active exploitation or severity score, but kernel driver issues can have high operational impact, so include it in normal kernel patch cycles.
Technical view
The issue is in drm/amdgpu amdgpu_ttm_move(). The fix changes notification ordering so move notifications occur before the actual move, preserving correct old-location information for DMA-buf and VM notifications, and adjusts eviction statistics timing. A missing NULL check was added in v2.
Likely exposure
Exposure is most likely on Linux systems using the AMDGPU kernel driver, especially desktops, workstations, GPU-enabled servers, or virtualization hosts with AMD GPUs. Exact affected and fixed version semantics are unclear from the provided bundle, so confirm against vendor kernel packages.
Exploitation context
The source bundle does not report active exploitation, public exploit availability, KEV listing, or a CVSS score. It describes a kernel driver logic flaw and upstream stable fixes, but does not state attacker prerequisites or security impact.
Researcher notes
Avoid over-classifying impact from the title alone. The record centers on notification order, old-location availability, DMA-buf/VM move notifications, eviction counters, and a NULL check. Version data in the bundle is not sufficient for precise fleet scoping without vendor mapping.
Mitigation direction
Apply vendor kernel updates that include the referenced upstream stable fixes.
Prioritize AMDGPU-enabled Linux systems over systems without AMD GPU hardware or drivers.
Review Fedora package announcements if managing Fedora kernels.
Check Linux distribution advisories for exact fixed package versions.
Reboot systems after kernel updates to activate the fixed kernel.
Validation and detection
Inventory Linux systems with AMDGPU hardware or loaded amdgpu driver.
Compare running kernel versions against vendor advisory fixed versions.
Confirm patched kernels include the referenced upstream stable commits.
Verify systems rebooted into the updated kernel after patching.
Document exceptions where AMDGPU is absent or disabled.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-27400 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.