Linux Kernel Buffer Overflow Vulnerability in IOMMU/AMD Component

A buffer overflow vulnerability has been identified in the Linux kernel's IOMMU/AMD component. This issue arises from a string parsing logic error that can lead to an overflow of HID or UID buffers. The vulnerability occurs because the comparison of the ACPI ID length against the total string length does not adequately account for the lengths of individual HID and UID buffers. For instance, a HID string length of 4 combined with a UID string length of 260 would result in an overflow, as the UID buffer can only accommodate 256 characters. Similarly, a HID string length of 13 and a UID string length of 250 would also cause an overflow. The vulnerability has been addressed by modifying the parsing logic to separately check the lengths of HID and UID strings, preventing the buffer overflow.

Impact

Exploitation of this vulnerability can lead to a buffer overflow, which may be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the system.