Linux Kernel AMD Graphics Division Zero Division Vulnerability in Plane Scaling Calculations

A vulnerability in the Linux kernel's AMD graphics driver has been fixed, addressing a division-by-zero error in the display plane scaling calculations. The issue arose because the 'dm_get_plane_scale' function did not properly account for cases where the destination size was zero, leading to a kernel oops error. This vulnerability was introduced with the cursor overlay mode, which uses this function to evaluate cursor mode changes before verifying the plane state.

Impact

Exploitation of this vulnerability caused a kernel oops error due to a division-by-zero, which can lead to a denial of service by causing a system crash.

Reproduction

The vulnerability can be reproduced by using a system with the affected Linux kernel version and an AMD graphics card. When the cursor overlay mode is enabled, the 'dm_get_plane_scale' function is called to assess cursor mode changes. If the destination size is zero, the function attempts to perform a division, resulting in a divide error and a kernel oops.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.