Linux Kernel Plane Refcount Management Vulnerability in AMD Display Driver

A vulnerability in the Linux kernel's AMD display driver has been addressed, concerning the management of plane reference counts. The issue arose because the system for backing up and restoring plane states did not properly maintain reference counts. This oversight could lead to problems if the reference count of a plane changed between backup and restore operations. Potential consequences included memory leaks if the reference count was expected to decrease, or double frees and invalid memory accesses if it was supposed to increase. The vulnerability has been fixed by caching and reapplying the current reference count when restoring plane states.

Impact

The vulnerability could lead to memory management issues, such as memory leaks, double frees, or invalid memory accesses, depending on how the reference count was supposed to change.