Linux Kernel AMDGPU Size Validation Vulnerability in Non-Exclusive Domains

Vulnerability

A vulnerability in the Linux kernel's AMDGPU graphics driver has been addressed. The issue arose in the size validation process for buffer objects, specifically within the 'amdgpu_bo_validate_size' function. The function could dereference a memory manager pointer improperly, leading to a kernel oops. This problem occurred when the Graphics Translation Table (GTT) domain was requested but not initialized, potentially causing a crash. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability could lead to a kernel oops, causing a crash by dereferencing a null or uninitialized pointer, specifically the TTM domain manager for the requested memory.

Reproduction

The vulnerability can be reproduced by requesting the GTT domain in the 'amdgpu_bo_validate_size' function without the corresponding memory manager being initialized. This can be done by creating a buffer object that requires GTT domain access while the GTT memory manager is still uninitialized, triggering a null pointer dereference.
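
The pattern described above, reduced to a user-space C model. This is an added example, not the kernel's code or its patch: every type, constant and function name in it is hypothetical, and the sizes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only: every name here is hypothetical, not the kernel's. */
enum { DOM_GTT = 1u << 0, DOM_VRAM = 1u << 1 };   /* requested-domain bits */
enum { PL_GTT, PL_VRAM, PL_COUNT };               /* manager table slots */

struct mem_manager { uint64_t size; };            /* capacity of one domain */
struct device { const struct mem_manager *man[PL_COUNT]; }; /* NULL = uninitialized */

/* Flawed pattern: assumes the manager for the requested domain exists. */
bool validate_size_unchecked(const struct device *dev, uint64_t size, uint32_t domain)
{
    if (domain & DOM_GTT)
        return size < dev->man[PL_GTT]->size;     /* NULL dereference if GTT is not set up */
    if (domain & DOM_VRAM)
        return size < dev->man[PL_VRAM]->size;
    return true;
}

/* Hardened pattern: a missing manager fails validation instead of crashing. */
bool validate_size_checked(const struct device *dev, uint64_t size, uint32_t domain)
{
    const struct mem_manager *man = NULL;

    if (domain & DOM_GTT)
        man = dev->man[PL_GTT];
    else if (domain & DOM_VRAM)
        man = dev->man[PL_VRAM];
    else
        return true;                              /* nothing to size-check in this model */
    return man != NULL && size < man->size;
}

/* Constructed scenario: VRAM manager is always present, GTT only if gtt_ready. */
bool check_request(bool gtt_ready, uint64_t size, uint32_t domain)
{
    static const struct mem_manager gtt = { 1u << 20 }, vram = { 1u << 20 };
    struct device dev = { { gtt_ready ? &gtt : NULL, &vram } };

    return validate_size_checked(&dev, size, domain);
}

int main(void)
{
    printf("GTT requested, manager missing: %d\n", check_request(false, 4096, DOM_GTT));
    printf("GTT requested, manager ready:   %d\n", check_request(true, 4096, DOM_GTT));
    return 0;
}
```

In this model a request that includes the GTT bit is rejected cleanly when the GTT manager is absent, even if a VRAM manager is available; whether the kernel fix behaves the same way for mixed-domain requests is not stated on this page.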

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Oct 7, 2025, 6:30 PM
Updated: Oct 7, 2025, 6:30 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.