Bug 2298582 (CVE-2024-41011)

Summary: CVE-2024-41011 kernel: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dfreiber, drow, jburrell, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel 6.1.91, kernel 6.6.31, kernel 6.8.10, kernel 6.9 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux Kernel's AMD Kernel Fusion Driver when mapping the MMIO HDP page with large pages. This issue could allow a local user to gain unauthorized access to memory.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2298669    
Bug Blocks:    

Description OSIDB Bzimport 2024-07-18 07:20:16 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

We don't get the right offset in that case.  The GPU has
an unused 4K area of the register BAR space into which you can
remap registers.  We remap the HDP flush registers into this
space to allow userspace (CPU or GPU) to flush the HDP when it
updates VRAM.  However, on systems with >4K pages, we end up
exposing PAGE_SIZE of MMIO space.
Comment 2 Mauro Matteo Cascella 2024-07-18 13:03:05 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2298669]