Linux Kernel Verisilicon AV1 Decoder Buffer Overflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of tile information for the Verisilicon AV1 decoder can lead to a buffer overflow. Each tile's information requires a specific amount of memory, and the vulnerability arises from incorrect memory allocation, allowing tile data to be written into unallocated memory. This issue affects the stable version of the Linux kernel.

Impact

The vulnerability can be exploited to cause a buffer overflow, potentially leading to arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by initializing the AV1 decoder in the Verisilicon Rockchip VPU981 hardware context. During this process, the decoder incorrectly allocates memory for tile information, using a predefined maximum tile count instead of the correct size definition. This misallocation allows the decoder to write tile data into memory that has not been properly allocated, creating a buffer overflow condition.
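The sizing error described above, as an added C example (not the kernel driver's code): every `ex_`/`EX_` name is hypothetical, the 128-tile limit is constructed, and the 16-byte per-tile record is an assumption. It compares a buffer sized by tile count with one sized by tile count times record size, using a writer that rejects out-of-bounds records.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names and constructed sizes, not the driver's definitions. */
#define EX_MAX_TILES 128u
struct ex_tile_info { uint32_t field[4]; };   /* assumed 16-byte record */
#define EX_TILE_INFO_SIZE (EX_MAX_TILES * sizeof(struct ex_tile_info))

struct ex_tile_buf { uint8_t *cpu; size_t size; };
/* Flawed sizing: the maximum tile count is used as a byte count. */
static size_t ex_size_flawed(void) { return EX_MAX_TILES; }
/* Corrected sizing: tile count times the size of one record. */
static size_t ex_size_fixed(void) { return EX_TILE_INFO_SIZE; }

/* Store one record; refuse (-1) any write that would leave the allocation. */
static int ex_write_tile(struct ex_tile_buf *b, unsigned idx,
                         const struct ex_tile_info *ti)
{
    size_t off = (size_t)idx * sizeof(*ti);
    if (idx >= EX_MAX_TILES || off + sizeof(*ti) > b->size)
        return -1;
    memcpy(b->cpu + off, ti, sizeof(*ti));
    return 0;
}

/* Allocate `size` bytes and return how many of `n` tile records fit. */
static unsigned ex_tiles_stored(size_t size, unsigned n)
{
    struct ex_tile_buf b = { calloc(1, size), size };
    struct ex_tile_info ti = { { 1, 2, 3, 4 } };   /* constructed sample */
    unsigned i, ok = 0;
    if (!b.cpu)
        return 0;
    for (i = 0; i < n; i++)
        if (ex_write_tile(&b, i, &ti) == 0)
            ok++;
    free(b.cpu);
    return ok;
}

int main(void)
{
    printf("flawed: %u, fixed: %u of %u records fit\n",
           ex_tiles_stored(ex_size_flawed(), EX_MAX_TILES),
           ex_tiles_stored(ex_size_fixed(), EX_MAX_TILES), EX_MAX_TILES);
    return 0;
}
```

Without the bounds check in `ex_write_tile`, every record the flawed buffer cannot hold would be written past the end of the allocation.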

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: May 6, 2026, 1:47 PM
Updated: May 6, 2026, 1:47 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.