Linux Kernel Out-of-Bounds Read Vulnerability in AMD BIOS Parser

A vulnerability in the Linux kernel's AMD display BIOS parser can lead to an out-of-bounds read. The issue arises because an array, which is hardcoded to a size of eight, can be exceeded by firmware that provides a larger one. This discrepancy causes the parser to dereference memory outside the intended bounds, potentially leading to undefined behavior or information leakage. While a previous commit addressed some instances of this problem, two other cases remained uncorrected until now.

Impact

Exploitation of this vulnerability causes an out-of-bounds read, which can lead to memory corruption or information disclosure.

Reproduction

The vulnerability can be reproduced by using AMD firmware that supplies a larger array than the BIOS parser expects, causing the parser to read beyond the allocated memory. This can be done by manipulating the firmware to include oversized data that the parser will process, triggering the out-of-bounds read.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.