Linux Kernel Out-of-Bounds Read Vulnerability in AMD GPU VCN4 Decoder

A vulnerability allowing out-of-bounds reads has been identified in the Linux kernel's AMDGPU video codec decoder, specifically in version 4.0 of the VCN (Video Codec Next) decoder. The issue arises when the decoder parses message data, as it fails to properly check the bounds of the buffer object, potentially leading to unauthorized memory access.

Impact

The vulnerability could lead to out-of-bounds read conditions, which may be exploited to access memory beyond the intended buffer limits, potentially causing information leakage or other unintended behavior.

Reproduction

The vulnerability can be reproduced by sending a VCN message that exceeds the bounds of the associated buffer object. This can be done by manipulating the message headers to create a scenario where the decoder does not properly validate the message length or buffer indices, allowing for out-of-bounds access.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit addressing this issue is available in the Linux kernel stable tree.