Linux Kernel APU VRAM Logic NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's AMDGPU graphics driver, specifically affecting APU platforms. This issue arises because APUs lack dedicated VRAM and do not properly initialize VRAM manager structures. As a result, the backing device pointer within the resource manager remains NULL. When the function `ttm_resource_manager_usage()` tries to access this uninitialized pointer, it leads to a kernel OOPS error. The vulnerability is present in scenarios where the VRAM manager is uninitialized, not just on APUs.
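The pattern described above, shown as a user-space C model with the unguarded read beside a guarded one. This is an added example, not kernel code and not the upstream patch. The `model_*` and `report_*` names, the `used` flag and the sample values are assumptions made for illustration.

```c
/* User-space model of the bug pattern; all names here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

struct model_device { int lock_depth; };   /* stands in for device-wide state */

struct model_manager {
    bool used;                    /* set only when the manager is initialized */
    struct model_device *bdev;    /* backing device; NULL if never set up */
    uint64_t usage;               /* bytes currently allocated */
};

/* Unguarded read: goes through man->bdev unconditionally, so a manager
 * that was never initialized (bdev == NULL) faults on the first line. */
static uint64_t model_usage_unguarded(struct model_manager *man)
{
    uint64_t usage;

    man->bdev->lock_depth++;      /* NULL dereference when bdev is NULL */
    usage = man->usage;
    man->bdev->lock_depth--;
    return usage;
}

/* Guarded read: confirm the manager is in use and has a backing device
 * before touching it; report 0 bytes otherwise. */
static uint64_t model_usage_guarded(struct model_manager *man)
{
    if (man == NULL || !man->used || man->bdev == NULL)
        return 0;
    return model_usage_unguarded(man);
}

/* Constructed case: a device with dedicated VRAM and a set-up manager. */
static uint64_t report_dgpu_usage(void)
{
    struct model_device dev = { 0 };
    struct model_manager vram = { .used = true, .bdev = &dev, .usage = 4096 };
    return model_usage_guarded(&vram);
}

/* Constructed case: an APU whose VRAM manager was never initialized. */
static uint64_t report_apu_usage(void)
{
    struct model_manager vram = { 0 };     /* bdev stays NULL */
    return model_usage_guarded(&vram);
}

int main(void) { return (report_dgpu_usage() == 4096 && report_apu_usage() == 0) ? 0 : 1; }
```

The guard sits in the reporting path, so a usage query against an uninitialized manager returns 0 instead of reaching the dereference.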

Impact

Exploitation of this vulnerability causes a kernel OOPS, which is a type of error that leads to a system crash.

Reproduction

The vulnerability can be reproduced on an APU platform by accessing the VRAM manager usage through the AMDGPU driver. This can be done by triggering the `AMDGPU_INFO_VRAM_USAGE` ioctl, which will attempt to read the VRAM usage data. Since the VRAM manager is not properly initialized on APU devices, this action will cause a NULL pointer dereference, leading to a kernel OOPS error.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.

Added: Dec 6, 2025, 10:20 PM
Updated: Dec 6, 2025, 10:20 PM