Linux Kernel AMD GPU Driver SVM Ioctl Buffer Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's AMD GPU driver (AMDKFD) allows for out-of-bounds buffer access via user-controlled attribute counts. This issue arises in the SVM (Shared Virtual Memory) ioctl, where the 'nattr' field is not properly validated against the buffer size. The vulnerability has been addressed by adding a validation function that checks the expected size of the attributes before processing the ioctl command.
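The kind of size check described above, as an added user-space example that is not the kernel patch or the driver's own code: it rejects a request whose 'nattr' count claims more attribute entries than the supplied buffer can hold. The struct layout and the names svm_attr_model, svm_args_model, svm_args_size_ok, svm_count_attr_type and svm_demo are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical model (not the kernel's definitions): a fixed header
 * followed by nattr attribute entries in the same buffer. */
struct svm_attr_model { uint32_t type, value; };
struct svm_args_model {
    uint64_t start_addr, size;
    uint32_t op;
    uint32_t nattr;                  /* user-controlled count */
    struct svm_attr_model attrs[];   /* nattr entries are expected here */
};

/* True only if buf_size bytes hold the header plus nattr entries. The count
 * is compared against the room left, so no nattr * size product can wrap. */
bool svm_args_size_ok(const struct svm_args_model *args, size_t buf_size)
{
    const size_t hdr = sizeof(struct svm_args_model);
    if (args == NULL || buf_size < hdr)
        return false;                /* header must fit before nattr is read */
    return args->nattr <= (buf_size - hdr) / sizeof(struct svm_attr_model);
}

/* Walk the attributes only after validation; -1 models an -EINVAL reject. */
int svm_count_attr_type(const struct svm_args_model *args, size_t buf_size, uint32_t type)
{
    if (!svm_args_size_ok(args, buf_size))
        return -1;
    int hits = 0;
    for (uint32_t i = 0; i < args->nattr; i++)
        hits += (args->attrs[i].type == type);
    return hits;
}

/* Constructed sample: buffer sized for the header plus exactly 2 entries. */
int svm_demo(uint32_t claimed_nattr)
{
    size_t buf_size = sizeof(struct svm_args_model) + 2 * sizeof(struct svm_attr_model);
    struct svm_args_model *args = calloc(1, buf_size);
    if (args == NULL) return -2;
    args->nattr = claimed_nattr;
    args->attrs[0].type = args->attrs[1].type = 7;
    int hits = svm_count_attr_type(args, buf_size, 7);
    free(args);
    return hits;
}
int main(void) { return svm_demo(2) == 2 && svm_demo(3) == -1 ? 0 : 1; }
```

Dividing the remaining room by the entry size, rather than multiplying the count by it, keeps the check correct even when 'nattr' is at the top of its 32-bit range.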

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending an ioctl command to the AMDKFD driver with a 'nattr' value that exceeds the allocated buffer size. This can be done by manipulating the attribute count in the ioctl request, causing the driver to read or write outside the bounds of the allocated memory.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.

Added: May 28, 2026, 11:40 AM
Updated: May 28, 2026, 11:40 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 1.3
exploitability: 4.3
remediation: 7.7
relevance: 9.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.