Linux Kernel DRM Buddy Rounded Allocation Validation Vulnerability

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) buddy memory allocation system can lead to a critical error. When the 'DRM_BUDDY_CONTIGUOUS_ALLOCATION' flag is active, requested memory sizes are rounded up to the next power of two. For non-contiguous allocations with a large minimum block size, sizes are similarly adjusted. These rounding operations can result in sizes that exceed the available memory, triggering a fatal error. This issue has been addressed by adding validation to ensure that rounded sizes do not surpass the available memory, preventing the error from occurring.

Impact

Exceeding the maximum allowed memory allocation can cause a system crash by triggering a critical error condition.

Reproduction

The vulnerability can be reproduced by attempting to allocate memory sizes that exceed the available memory capacity. For example, a 9GB contiguous allocation on a system with 10GB of VRAM will fail because the rounded allocation size exceeds the available memory. Similarly, a 9GB allocation with an 8GB minimum block size on the same 10GB VRAM system will also trigger the error, as the adjusted size surpasses the available memory.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.