Linux Kernel Shift-Out-Of-Bounds Vulnerability in AMD Display Driver

A shift-out-of-bounds vulnerability has been identified in the Linux kernel's AMD display driver. This issue arises in versions of the Linux kernel prior to the patch, when the PTEBufferSizeInRequests parameter is set to zero. Under these conditions, the 'dml_log2' function returns an invalid negative value, triggering a warning from Undefined Behavior Sanitizer (UBSAN) about an excessively large shift exponent for a 32-bit integer. The vulnerability can be exploited by manipulating the PTEBufferSizeInRequests value, leading to potential memory access errors.

Impact

Exploitation of this vulnerability causes a shift-out-of-bounds error, which can lead to memory corruption or undefined behavior in the kernel.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Specific instructions for upgrading the kernel can be found in the documentation for the respective Linux distribution.