Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the AMD GPU driver of the Linux kernel. This issue arises when the function 'amdgpu_cs_vm_handling' returns a non-zero value, causing the 'bo_list_mutex' to be unlocked. The mutex is then improperly accessed again in 'amdgpu_cs_parser_fini', leading to a use-after-free condition. This vulnerability has been observed in Linux kernel version 5.20.0-0.rc0.20220812git7ebfc85e2cd7.10.fc38.x86_64.
Exploitation of this vulnerability causes a use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by invoking the 'amdgpu_cs_vm_handling' function in a scenario where it returns a non-zero value. This will cause the 'bo_list_mutex' to be unlocked prematurely. The issue can be observed while running Google Chrome, as indicated by the process name 'chrome:cs0' in the kernel warning logs.