Linux Kernel AMD GPU PCI Device Refcount Leak Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's AMD GPU driver. The issue arises in the function 'amdgpu_atrm_get_bios()', where a PCI device's reference count is not properly decremented. This oversight can lead to memory management issues, as the reference count is crucial for tracking the lifecycle of the PCI device. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can lead to a memory leak, where the reference count of a PCI device is not properly managed, potentially causing memory to be improperly allocated or freed.

Reproduction

The vulnerability can be reproduced by invoking the 'amdgpu_atrm_get_bios()' function with a non-null PCI device pointer. This will trigger the refcount increase without a corresponding decrease, creating a leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.