Linux Kernel DSC Validation Vulnerability in AMD Graphics Driver Leads to Use-After-Free

A vulnerability in the Linux kernel's AMD graphics driver can cause a use-after-free error, leading to potential memory corruption. This issue arises during the Display Stream Compression (DSC) validation process, where the driver incorrectly manages the state of video streams. When external displays are connected, the driver may fail to recognize changes in the internal display's configuration, such as HDR settings. As a result, the driver creates new video streams without properly releasing the old ones, causing a memory leak. Eventually, the abandoned stream is disabled, triggering the use-after-free condition.

Impact

Exploitation of this vulnerability causes a use-after-free error in the AMD graphics driver, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

To reproduce this vulnerability, connect external DisplayPort Multi-Stream Transport (DP-MST) screens to a laptop while the integrated panel is active. The driver will incorrectly drop the 'mode_changed' flag for the internal display if its DSC configuration hasn't changed, even though unrelated mode changes are pending. This mismanagement causes the driver to create new video streams for the external displays without releasing the old ones for the internal display, leading to a memory leak. When the streams are disabled later, the use-after-free error occurs.

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.