Linux Kernel AMD GPU Driver Use-After-Free Vulnerability in GPU Recovery Process

Vulnerability

A use-after-free vulnerability has been identified in the AMD GPU driver within the Linux kernel. This issue arises during the GPU recovery process, where a race condition between the scheduling timeout callback and the timeout detection recovery work queue can lead to premature deallocation of a job. If the job is freed before the timeout callback has finished processing, accessing the job's Process Address Space ID (PASID) can result in a use-after-free scenario. The vulnerability has been addressed by caching the PASID early in the recovery process to prevent this issue. The vulnerability was discovered using Kernel Address Sanitizer (KASAN), which reported a slab-use-after-free error in the GPU recovery function.
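The pattern described above, reduced to a user-space sketch. This is an added example, not code from the amdgpu driver or the fix commit. All names are hypothetical, and the free is simulated by poisoning the object in place so that the stale read is observable without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b   /* byte the kernel slab allocator writes into freed objects */

struct job {               /* hypothetical stand-in for a scheduler job */
    uint32_t pasid;
};

/* Simulated free: poison in place instead of releasing the memory. */
static void job_free(struct job *j)
{
    memset(j, POISON_FREE, sizeof(*j));
}

/* Stand-in for the recovery work during which the racing path may free the job. */
static void do_reset(struct job *j, int racing_path_frees_job)
{
    if (racing_path_frees_job)
        job_free(j);
}

/* Before the fix: the PASID is read after the window in which the job can be freed. */
static uint32_t recover_late_read(struct job *j, int race)
{
    do_reset(j, race);
    return j->pasid;       /* stale read when the race is lost */
}

/* After the fix: the PASID is cached on entry and only the copy is used later. */
static uint32_t recover_cached(struct job *j, int race)
{
    uint32_t pasid = j->pasid;   /* cached while the job is still live */
    do_reset(j, race);
    return pasid;
}

int main(void)
{
    struct job a = { .pasid = 0x8001 };   /* constructed sample PASID */
    struct job b = { .pasid = 0x8001 };

    printf("late read: 0x%x\n", (unsigned)recover_late_read(&a, 1));
    printf("cached:    0x%x\n", (unsigned)recover_cached(&b, 1));
    return 0;
}
```

In a real kernel the late read touches memory the allocator may already have reused, which is what KASAN flags as slab-use-after-free.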

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, where memory that has already been freed is accessed, potentially causing memory corruption or allowing for arbitrary code execution.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux stable tree.

Added: Jan 13, 2026, 6:17 PM
Updated: Jan 13, 2026, 6:17 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.5
remediation: 7.7
relevance: 2.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.