Linux Kernel AMDGPU Driver Slab Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the AMDGPU driver of the Linux kernel. This issue arises in the user queue management finalization function, where a pointer to user-private data is accessed after it has been freed. The vulnerability was detected using the Intel Graphics Test Suite's PCI unplug test on a system with an AMD GPU. The problem occurs because the 'amdgpu_fpriv' structure is released in the 'amdgpu_driver_postclose_kms()' function, but is still referenced in 'amdgpu_drm_release()'. This improper handling of resource deallocation creates a use-after-free condition, which can lead to memory corruption.
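The ordering problem described above, as an added userspace model (not kernel code and not the upstream patch). The struct and function names are hypothetical stand-ins for 'amdgpu_fpriv', 'amdgpu_driver_postclose_kms()' and 'amdgpu_drm_release()', and the "hardened" branch shows one general pattern: finalize dependents before releasing the owner, then clear the pointer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed userspace model; names echo the advisory, bodies are hypothetical. */
struct fpriv_model { int live; int open_queues; };       /* stands in for amdgpu_fpriv */
struct file_model  { struct fpriv_model *driver_priv; }; /* per-open file state */
static int stale_accesses;                               /* touches of fpriv after release */

/* User-queue finalization: needs a live fpriv. */
static void userq_fini(struct fpriv_model *p)
{
    if (!p) return;            /* owner gone and pointer cleared: nothing to do */
    if (!p->live)
        stale_accesses++;      /* in the kernel this is the slab use-after-free */
    else
        p->open_queues = 0;
}

/* Models amdgpu_driver_postclose_kms(): runs first and releases fpriv. */
static void postclose(struct file_model *f, int hardened)
{
    if (hardened)
        userq_fini(f->driver_priv);  /* finalize dependents while owner is live */
    f->driver_priv->live = 0;        /* "free": flag only, so the model has no real UB */
    if (hardened)
        f->driver_priv = NULL;       /* leave no dangling pointer for later stages */
}

/* Models the tail of amdgpu_drm_release(): runs after postclose. */
static void release_tail(struct file_model *f) { userq_fini(f->driver_priv); }

/* Runs the close path once; returns how many stale accesses occurred. */
int run_close_path(int hardened)
{
    struct fpriv_model *p = calloc(1, sizeof(*p));
    struct file_model f = { .driver_priv = p };
    if (!p)
        return -1;
    p->live = 1; p->open_queues = 2;
    stale_accesses = 0;
    postclose(&f, hardened);
    release_tail(&f);
    free(p);                         /* real free, only after the model has finished */
    return stale_accesses;
}

int main(void)
{
    printf("original: %d stale, hardened: %d stale\n", run_close_path(0), run_close_path(1));
    return 0;
}
```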

Impact

Exploitation of this vulnerability causes a slab use-after-free condition, where memory that has been freed is accessed again, potentially leading to arbitrary code execution or other memory corruption issues.

Reproduction

The vulnerability can be reproduced by unplugging an AMD GPU while the system is running a version of the Linux kernel that includes this vulnerability. The IGT 'pci_unplug' test can be used to automate this process.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Aug 19, 2025, 5:59 PM
Updated: Aug 19, 2025, 5:59 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.