Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been addressed in the Linux kernel's AMD GPU Direct Rendering Manager (DRM) component. This issue arose in the virtual memory (VM) management system, specifically within the AMDGPU driver. The vulnerability was caused by a race condition where parent and child processes, sharing the same DRM file, could both attempt to acquire the same VM after a fork, leading to a use-after-free scenario. The non-atomic assignment of process information in the VM management code has been replaced with an atomic compare-and-swap operation to prevent this race condition.
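The fix pattern described above, shown as an added example that is not the kernel's code: a single-threaded user-space C model that replays the bad interleaving with a separate check and assignment, then repeats it with one compare-and-swap. The struct and function names are hypothetical stand-ins, and the interleaving is constructed.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver's structures; not kernel code. */
struct proc_info { int id; };
struct vm { _Atomic(struct proc_info *) process_info; };

/* Racy pattern, split into its two steps so the bad interleaving can be
 * replayed in one thread. The bug is the gap between check and store. */
static int racy_check(struct vm *vm) { return atomic_load(&vm->process_info) == NULL; }
static void racy_store(struct vm *vm, struct proc_info *pi) { atomic_store(&vm->process_info, pi); }

/* Fixed pattern: claim the slot only if it is still NULL, in one step. */
static int acquire_cas(struct vm *vm, struct proc_info *pi)
{
    struct proc_info *expected = NULL;
    if (!atomic_compare_exchange_strong(&vm->process_info, &expected, pi))
        return -EINVAL; /* already acquired; the loser owns nothing */
    return 0;
}

/* Parent and child both pass the check before either one stores.
 * Returns how many callers believe they acquired the VM. */
static int replay_racy(void)
{
    struct vm vm;
    struct proc_info parent = { 1 }, child = { 2 };
    atomic_init(&vm.process_info, NULL);
    int parent_ok = racy_check(&vm), child_ok = racy_check(&vm);
    if (parent_ok) racy_store(&vm, &parent);
    if (child_ok) racy_store(&vm, &child);
    return parent_ok + child_ok;
}

/* Same two callers, but check and assignment are one atomic operation. */
static int replay_cas(void)
{
    struct vm vm;
    struct proc_info parent = { 1 }, child = { 2 };
    atomic_init(&vm.process_info, NULL);
    return (acquire_cas(&vm, &parent) == 0) + (acquire_cas(&vm, &child) == 0);
}

int main(void)
{
    printf("racy owners: %d, cas owners: %d\n", replay_racy(), replay_cas());
}
```

With the split check and store, both callers report success for the same VM; with the compare-and-swap, exactly one does and the other gets an error it can act on.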
Triggering the race results in a use-after-free, which could potentially allow memory corruption or arbitrary code execution.
The vulnerability can be reproduced by creating a parent process that shares a DRM file with a child process, and then having both processes attempt to acquire the same VM resource after a fork. This can be done by manipulating the process information assignment in the VM management code, creating a race condition that the vulnerability exploits.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.