Linux Kernel AMD GPU Driver Bounds Checking Vulnerability in Input Buffer Access

A vulnerability in the Linux kernel's AMD GPU driver has been addressed, which involved improper bounds checking when accessing the input buffer (IB) at specific offsets. The issue arose because the UVD, VCE, and VCN components did not verify whether the IB was sufficiently large, potentially leading to buffer overflows. The vulnerability has been fixed by adding appropriate bounds checks and modifying the index type to uint32_t to prevent overflow-related issues. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could have allowed for buffer overflows, potentially leading to arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by accessing the input buffer in the AMD GPU driver at predefined offsets without ensuring that the buffer is large enough to handle the access. This can be done by manipulating the index values used to access the buffer, causing an overflow that bypasses the original bounds checks.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The patched version can be downloaded from the Linux kernel stable Git repository.