CVE-2024-26817: Linux Kernel AMDKFD Integer Overflow Vulnerability Resolved by Using kcalloc Instead of kzalloc

A vulnerability tracked as CVE-2024-26817 has been disclosed and fixed in the Linux kernel. It is in amdkfd (AMD Kernel Fusion Driver), the Heterogeneous System Architecture (HSA) compute driver that AMD GPUs expose through /dev/kfd. The bug is a kzalloc call whose size argument is a multiplication by a count supplied from userspace; if that multiplication wraps, the kernel allocates a buffer that is smaller than intended and the code that fills it writes past its end. The outcome ranges from a kernel crash to a potentially exploitable heap out-of-bounds write.

Details

The affected function is kfd_ioctl_get_process_apertures_new in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c, the handler for the ioctl that returns per-GPU aperture ranges to a process. It allocates the output array with kzalloc, sizing it as sizeof(struct kfd_process_device_apertures) multiplied by args->num_of_nodes, a 32-bit count copied straight from the ioctl argument. Nothing bounds that count before the multiplication. On a kernel where size_t is 32 bits, a large enough num_of_nodes wraps the product to a small value, kzalloc succeeds with a buffer far smaller than the caller asked for, and the loop that then fills one entry per device writes beyond it. On 64-bit kernels the product of a 32-bit count and a small element size cannot exceed a 64-bit size_t, so the wrap is not reachable there and an absurd count simply makes kzalloc fail; the fix still matters for 32-bit builds and removes the unchecked pattern regardless.

Here is the allocation as it stood before the fix (the rest of the function is elided):

static int kfd_ioctl_get_process_apertures_new(struct file *filp,
        struct kfd_process *p, void *data)
{
    struct kfd_ioctl_get_process_apertures_new_args *args = data;
    struct kfd_process_device_apertures *pa;

    ...

    /* args->num_of_nodes is user-controlled; the multiplication is unchecked */
    pa = kzalloc((sizeof(struct kfd_process_device_apertures) *
                args->num_of_nodes), GFP_KERNEL);
    if (!pa)
        return -ENOMEM;

    ...
}

The fix replaces kzalloc with kcalloc, the kernel's counted allocator (the commit subject says "calloc", but the kernel API is kcalloc; there is no calloc in kernel code). kcalloc(n, size, flags) performs the n * size multiplication with an overflow check and returns NULL if the product does not fit in size_t, which drops the caller into its existing !pa error path and returns -ENOMEM to userspace. The allocation is still zeroed, so behaviour for sane counts is unchanged; only counts whose byte size cannot be represented now fail cleanly instead of producing an undersized buffer.

Here is the same allocation after the fix:

static int kfd_ioctl_get_process_apertures_new(struct file *filp,
        struct kfd_process *p, void *data)
{
    struct kfd_ioctl_get_process_apertures_new_args *args = data;
    struct kfd_process_device_apertures *pa;

    ...

    /* kcalloc checks num_of_nodes * sizeof(...) for overflow and returns NULL if it wraps */
    pa = kcalloc(args->num_of_nodes, sizeof(struct kfd_process_device_apertures),
                 GFP_KERNEL);
    if (!pa)
        return -ENOMEM;

    ...
}
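To make the arithmetic concrete, the following is an added C example, not code from the kernel or from the fix commit. It models the allocation as it behaves in a 32-bit kernel (where size_t is 32 bits, here called ksize_t): the unchecked product wrapping for a crafted num_of_nodes, a kcalloc-style checked computation rejecting the same count, how many bytes the fill loop would write past the wrapped buffer, and a userspace model of the fixed ioctl path. The struct layout, the sample device values, and the function names are assumptions of the example; nothing here touches the real driver.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the uapi struct kfd_process_device_apertures (same field set;
 * the layout is assumed for this example, not copied from the kernel). 56 bytes. */
struct aperture_entry {
    uint64_t lds_base, lds_limit;
    uint64_t scratch_base, scratch_limit;
    uint64_t gpuvm_base, gpuvm_limit;
    uint32_t gpu_id;
    uint32_t pad;
};

/* Models a 32-bit kernel's size_t so the multiplication can actually wrap here. */
typedef uint32_t ksize_t;

/* Pre-fix size computation: sizeof(entry) * num_of_nodes with no overflow check.
 * Both operands are 32-bit, so the product wraps modulo 2^32. */
ksize_t unchecked_alloc_size(uint32_t num_of_nodes)
{
    return (ksize_t)sizeof(struct aperture_entry) * num_of_nodes;
}

/* kcalloc-style computation: refuse any count whose byte size does not fit in
 * ksize_t. Returns false on overflow, the analogue of kcalloc returning NULL. */
bool checked_alloc_size(uint32_t num_of_nodes, ksize_t *bytes)
{
    return !__builtin_mul_overflow((ksize_t)sizeof(struct aperture_entry),
                                   num_of_nodes, bytes);
}

static uint32_t min_u32(uint32_t a, uint32_t b) { return a < b ? a : b; }

/* Bytes the unfixed fill loop would write past the end of a wrapped allocation.
 * The loop writes one entry per device, but never more than num_of_nodes
 * entries. Returns 0 when the buffer is large enough. Computed, not performed. */
uint64_t unfixed_overrun_bytes(uint32_t num_of_nodes, uint32_t n_devices)
{
    ksize_t allocated = unchecked_alloc_size(num_of_nodes);
    uint64_t written = (uint64_t)min_u32(n_devices, num_of_nodes)
                       * sizeof(struct aperture_entry);
    return written > allocated ? written - allocated : 0;
}

/* Userspace model of the fixed ioctl path: checked size, then a fill loop bounded
 * by both the device count and the caller's num_of_nodes. On success *out owns a
 * zeroed array of num_of_nodes entries (assumed simplification: the real ioctl
 * has a separate "query the count" path for num_of_nodes == 0). */
int get_apertures_fixed(uint32_t num_of_nodes, uint32_t n_devices,
                        struct aperture_entry **out, uint32_t *filled)
{
    ksize_t bytes;
    struct aperture_entry *pa;
    uint32_t i, n;

    if (num_of_nodes == 0)
        return -EINVAL;
    if (!checked_alloc_size(num_of_nodes, &bytes))
        return -ENOMEM;                       /* what kcalloc's NULL becomes */
    pa = calloc(num_of_nodes, sizeof *pa);    /* userspace stand-in for kcalloc */
    if (!pa)
        return -ENOMEM;

    n = min_u32(n_devices, num_of_nodes);
    for (i = 0; i < n; i++) {                 /* constructed sample values */
        pa[i].gpu_id = 0x1000 + i;
        pa[i].lds_base = 0x1000000000000ULL * (i + 1);
        pa[i].lds_limit = pa[i].lds_base + 0xffff;
    }
    *out = pa;
    *filled = n;
    return 0;
}

int main(void)
{
    const uint32_t evil = 76695845u;   /* 56 * 76695845 = 2^32 + 24 */
    ksize_t bytes;
    struct aperture_entry *pa;
    uint32_t filled;

    printf("unchecked size for %u nodes: %u bytes\n", evil, unchecked_alloc_size(evil));
    printf("checked size accepted: %s\n",
           checked_alloc_size(evil, &bytes) ? "yes" : "no (overflow)");
    printf("overrun with 2 devices: %llu bytes\n",
           (unsigned long long)unfixed_overrun_bytes(evil, 2));
    if (get_apertures_fixed(4, 2, &pa, &filled) == 0) {
        printf("fixed path: %u of 4 entries filled, gpu_id[0]=%#x\n", filled, pa[0].gpu_id);
        free(pa);
    }
    printf("fixed path with crafted count: %d\n", get_apertures_fixed(evil, 2, &pa, &filled));
    return 0;
}
```

The crafted count 76695845 is chosen so that 56 * 76695845 equals 2^32 + 24: the unchecked path allocates 24 bytes for what the caller presented as 76 million entries, and with two GPUs present the fill loop would write 112 bytes, 88 of them past the allocation. The checked path returns the overflow as -ENOMEM before any allocation happens, which is exactly what kcalloc gives the real driver.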

For more information on the vulnerability, refer to the following resources:

1. Linux kernel Git commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7b1428e7dbf6a50b9a8ab33a67bced089fe72cd8

2. AMDKFD (AMD Kernel Fusion Driver): https://github.com/RadeonOpenCompute/ROCK-Kernel-Driver

Exploit Details

No public exploit is known at the time of writing. The vulnerable ioctl is only reachable from a process that can open /dev/kfd, which on most systems means membership in the group that owns the device node (commonly render or video), so the exposure is local and limited to users with GPU compute access. Patch regardless: run a kernel that carries the upstream fix, and on distribution kernels check the vendor changelog for CVE-2024-26817 rather than relying on the version number alone, since the fix is backported to stable and distribution branches.

In summary, CVE-2024-26817 is a textbook size-calculation overflow: a count from userspace multiplied by an element size and handed to an allocator that trusts the result. The lesson for kernel developers is mechanical: when an allocation is count times element size, use kcalloc or kmalloc_array (or the check_mul_overflow helpers) so the multiplication is checked, rather than computing it by hand in the argument to kzalloc. For administrators, the fix is to run a patched kernel.

Timeline

Published on: 04/13/2024 12:15:11 UTC
Last modified on: 06/27/2024 12:15:21 UTC