Linux Kernel NULL Pointer Dereference Vulnerability in AMDGPU Atom Handling

Vulnerability

A vulnerability in the Linux kernel's AMDGPU driver can lead to a NULL pointer dereference. The issue is in the 'amdgpu_atom_execute_table_locked' function, where the 'kcalloc' allocation for a workspace buffer can fail. If the allocation fails while the workspace size is non-zero, the context's workspace pointer remains NULL but the workspace size is still set, so the two no longer agree. This mismatch can cause a NULL pointer dereference when the 'atom_get_src_int' function tries to access workspace entries. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can lead to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by invoking the 'amdgpu_atom_execute_table_locked' function with a non-zero workspace size while causing the 'kcalloc' allocation to fail. This can be achieved by manipulating the function's parameters or the memory allocation process, although specific details may vary depending on the system and kernel version.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.
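The pointer/size mismatch described under Vulnerability, as an added user-space model in C. It is not the kernel's code or the upstream patch: 'exec_ctx', 'model_calloc', 'ctx_init_unchecked', 'ctx_init_checked' and 'ws_read' are hypothetical names, and the checked variant is an assumed shape for a fix.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; struct and function names are hypothetical, not the kernel's. */
struct exec_ctx { uint32_t *ws; unsigned ws_size; };
static int fail_next_alloc; /* constructed hook: simulates a failing kcalloc() */

static void *model_calloc(size_t n, size_t sz)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return calloc(n, sz);
}

/* Pattern from the advisory: size is recorded even if the allocation failed. */
static int ctx_init_unchecked(struct exec_ctx *c, unsigned entries)
{
    c->ws = entries ? model_calloc(entries, sizeof(uint32_t)) : NULL;
    c->ws_size = entries; /* pointer may be NULL while size is non-zero */
    return 0;
}

/* Hardened variant (assumed fix shape): report failure, keep size 0 on error. */
static int ctx_init_checked(struct exec_ctx *c, unsigned entries)
{
    c->ws = entries ? model_calloc(entries, sizeof(uint32_t)) : NULL;
    c->ws_size = c->ws ? entries : 0; /* size never outlives the buffer */
    return (entries && !c->ws) ? -ENOMEM : 0;
}

/* Reader that trusts ws_size; -EFAULT marks where the kernel would oops. */
static int ws_read(const struct exec_ctx *c, unsigned idx, uint32_t *out)
{
    if (idx >= c->ws_size) return -EINVAL;
    if (!c->ws)
        return -EFAULT; /* model of the NULL pointer dereference */
    *out = c->ws[idx];
    return 0;
}

int main(void)
{
    struct exec_ctx c; uint32_t v = 0;
    fail_next_alloc = 1; ctx_init_unchecked(&c, 4);
    printf("unchecked: read -> %d\n", ws_read(&c, 0, &v));
    fail_next_alloc = 1;
    printf("checked: init -> %d\n", ctx_init_checked(&c, 4));
    return 0;
}
```

In the unchecked path the in-range read reaches the NULL buffer; in the checked path the caller sees the allocation error before any workspace access happens.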

Added: Dec 16, 2025, 4:50 PM
Updated: Dec 16, 2025, 4:50 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.