Linux Kernel Array Underflow Vulnerability in AMD GPU Vega20 Overdrive Management

An array underflow vulnerability has been identified in the Linux kernel's AMD GPU driver, specifically within the Vega20 Overdrive management functions. This issue arises because the 'input_index' variable, which is sourced from the user via sysfs, is not properly validated for negative values. As a result, it can lead to an out-of-bounds read, potentially causing unintended behavior or information disclosure.

Impact

Exploitation of this vulnerability allows for out-of-bounds read operations, which can lead to memory corruption or unauthorized access to sensitive information.

Reproduction

The vulnerability can be reproduced by manipulating the 'input_index' variable through the sysfs interface, specifically in the context of the 'PP_OD_EDIT_VDDC_CURVE' case. This can be done by sending a negative value to the 'input_index' via sysfs, which will then be processed by the 'vega20_odn_edit_dpm_table' function, resulting in an out-of-bounds read.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.