Linux Kernel AMDGPU Zero-Size GDS Range Initialization Vulnerability on RDNA4 Hardware Causes Kernel Crash

A vulnerability in the Linux kernel's AMDGPU driver for RDNA4 (GFX 12) hardware has been identified, where the removal of certain on-chip memory resources leads to a kernel crash. The issue arises because the initialization code correctly sets the sizes of these resources to zero, reflecting their absence. However, the resource manager initialization process does not account for this, causing a crash during the module loading process for the AMDGPU driver on affected graphics cards, such as the RX 9070 XT. The problem has been present since the hardware was released over a year ago, but it was only recently reported.

Impact

The vulnerability causes a kernel crash when the AMDGPU driver is loaded, disrupting the system's operation and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by loading the AMDGPU driver on a system with RDNA4 (GFX 12) hardware, such as an RX 9070 XT graphics card. The driver will crash the kernel during the module loading process, which can be observed by monitoring the system logs or using a tool like 'oops-analysis' to capture the crash details.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.