CVE-2024-43907: Fixing Null Pointer Dereference in Linux Kernel drm/amdgpu/pm
Hello everyone! Today we are going to discuss a rather interesting vulnerability that has been resolved in the Linux kernel. The issue at hand is a null pointer dereference that affects the drm/amdgpu/pm component. This vulnerability has been assigned the identifier CVE-2024-43907.
In this post, we will provide a brief overview of the vulnerability, including some background on the Linux kernel and the drm/amdgpu/pm module. We will also dive into the code snippet and explore the process of applying the fix for this vulnerability. Additionally, we will provide references to the original sources.
Background
The Linux kernel is the heart of the Linux operating system, responsible for managing the hardware, processes, and other essential system functions. Within the Linux kernel, there is a kernel module for supporting the graphical operations of AMD Radeon GPUs, namely the drm/amdgpu/pm component.
This module is a part of the Direct Rendering Manager (DRM) subsystem, which provides a way for the GPU to interact with the kernel and other system components for graphical operations.
The Vulnerability
The vulnerability in the drm/amdgpu/pm component involves a null pointer dereference that occurs within the apply_state_adjust_rules function. A null pointer dereference occurs when an application attempts to access memory through a pointer that has a null value. This can result in unexpected behavior, crashes, or even security vulnerabilities.
To better understand the issue, let's examine the relevant code snippet from the Linux kernel source
static int apply_state_adjust_rules(struct amdgpu_device *adev,
struct pp_power_state *data)
{
int i;
for (i = ; i < adev->num_hooks; i++) {
if (adev->hooks[i]->id == MAKE_HOOK_ID(PP_SMC, CONFIG_PCIE_))
return execute_adjust_rule_mapping(adev,
adev->hooks[i],
data,
CONFIG_PCIE_);
}
return ;
}
In the code above, the adev->hooks array is responsible for storing function pointers to various hooks, which are used for adjusting the power state of the GPU. During the execution of the apply_state_adjust_rules function, it iterates through the array of hooks and checks if a hook with the specified ID exists.
Fix and Analysis
The fix for this vulnerability involves verifying that the adev->hooks pointer is not null before dereferencing it. Here's the updated code snippet with the fix applied:
static int apply_state_adjust_rules(struct amdgpu_device *adev,
struct pp_power_state *data)
{
int i;
if (!adev->hooks) {
return -EINVAL;
}
for (i = ; i < adev->num_hooks; i++) {
if (adev->hooks[i]->id == MAKE_HOOK_ID(PP_SMC, CONFIG_PCIE_))
return execute_adjust_rule_mapping(adev,
adev->hooks[i],
data,
CONFIG_PCIE_);
}
return ;
}
With this change, the function checks if the adev->hooks pointer is null and returns a negative error value accordingly. This simple fix effectively resolves the null pointer dereference vulnerability.
Here are some links to the original references for further reading
1. Linux kernel source code: https://github.com/torvalds/linux
2. The DRM module documentation: https://www.kernel.org/doc/html/latest/gpu/drm.html
3. AMDGPU kernel module documentation: https://www.kernel.org/doc/html/latest/gpu/amdgpu.html
Conclusion
In conclusion, CVE-2024-43907 is a null pointer dereference vulnerability in the Linux kernel's drm/amdgpu/pm component. The issue was resolved by adding a simple check for the null pointer before dereferencing it. It is essential to be attentive to such minor details when working with kernel code to ensure the overall security and stability of the system.
Timeline
Published on: 08/26/2024 11:15:05 UTC
Last modified on: 08/27/2024 13:41:40 UTC