Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A race condition vulnerability has been identified in the Linux kernel's AMD KFD (Kernel Fusion Driver) component, specifically within the process management during partition switching. This issue arises because the current process switch only verifies if the KFD processes table is empty. However, the table entry is removed in the 'kfd_process_notifier_release' function, while the process teardown occurs in 'kfd_process_wq_release'. This discrepancy can lead to a race condition between two processes: one handling the workqueue release and another managing the partition switch, potentially causing a divide error, as indicated in the system log. The vulnerability affects several versions of the Linux kernel.
Triggering this race condition can cause a divide error, which may disrupt normal system operations or cause a denial of service.
The vulnerability can be reproduced with two processes that interact with the KFD process management system. Process A runs in the KFD workqueue release path, which accesses a KFD node member. Simultaneously, Process B switches the partition, triggering the KFD node teardown. Because the two can interleave, Process A may access the node while Process B is tearing it down, leading to the described divide error.
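The interleaving described above, as an added userspace model that is not kernel or driver code: it shows why a guard that only checks for an empty process table lets the switch proceed while deferred teardown is still pending. All struct, field and function names are hypothetical, and the stricter guard is an illustrative assumption, not the upstream patch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not the driver's. */
struct node { unsigned int num_units; bool torn_down; }; /* stands in for a KFD node */
struct model {
    int table_entries;    /* processes still listed in the process table */
    int pending_teardown; /* removed from the table, teardown not yet run */
    struct node node;
};

/* Stage 1 (notifier release): the table entry goes away, teardown is deferred. */
static void notifier_release(struct model *m) {
    m->table_entries--;
    m->pending_teardown++;
}

/* Stage 2 (workqueue release): teardown uses a node member as a divisor.
 * Returns -1 at the point where real code would raise the divide error. */
static int wq_release(struct model *m) {
    m->pending_teardown--;
    if (m->node.torn_down || m->node.num_units == 0)
        return -1;
    return 64 / (int)m->node.num_units;
}

/* Guard as the page describes it: only the table is consulted. */
static bool switch_ok_table_only(const struct model *m) {
    return m->table_entries == 0;
}

/* Assumed stricter guard: also waits for deferred teardown to finish. */
static bool switch_ok_lifetime(const struct model *m) {
    return m->table_entries == 0 && m->pending_teardown == 0;
}

/* Partition switch tears the node down and clears its members. */
static void partition_switch(struct model *m) {
    m->node.num_units = 0;
    m->node.torn_down = true;
}

/* Interleaving: notifier release, switch attempt, then workqueue release. */
static int run_interleaving(bool (*guard)(const struct model *)) {
    struct model m = { 1, 0, { 4, false } }; /* constructed sample state */
    notifier_release(&m);
    if (guard(&m))
        partition_switch(&m);
    return wq_release(&m);
}

int main(void) {
    printf("table-only guard: %d\n", run_interleaving(switch_ok_table_only));
    printf("lifetime guard:   %d\n", run_interleaving(switch_ok_lifetime));
    return 0;
}
```

With the lifetime guard the switch is refused while teardown is pending, so a caller would have to retry it after the workqueue has drained.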
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.