Impact
The flaw lies in the Linux kernel's AMD display driver, where dal_vector_reserve() computes the new buffer size as the product of two 32-bit values (the requested capacity and the element size). When that product exceeds 2^32 it wraps before being passed to krealloc(), so the allocator returns a buffer far smaller than the requested capacity implies while the vector still records the larger capacity. Subsequent appends trust the recorded capacity and write past the end of the allocation, corrupting the kernel heap. The fix replaces the call with krealloc_array(), which multiplies the element count and element size with an overflow check and returns NULL instead of allocating a wrapped size, so an oversized reservation fails cleanly rather than silently shrinking the buffer. The vulnerability maps to CWE-122 (Heap-based Buffer Overflow) and CWE-680 (Integer Overflow to Buffer Overflow).
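The wrap and the effect of the fix, as an added user-space C model written for this page (it is not the kernel's code or the patch itself; the struct field names, the MAX_ALLOC_BYTES limit and the function names are assumptions, and realloc() stands in for krealloc()):

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed user-space model of the driver's vector; field names and the
 * alloc_bytes instrumentation are assumptions, realloc() stands in for krealloc(). */
struct vec {
    uint8_t *container;
    uint32_t struct_size;  /* bytes per element (<= 64 in this demo) */
    uint32_t count;        /* elements in use */
    uint32_t capacity;     /* elements the code believes fit */
    size_t alloc_bytes;    /* bytes the allocator really returned */
};

/* Stand-in for the allocator's largest accepted request (assumed value). */
#define MAX_ALLOC_BYTES ((size_t)1 << 20)

/* Pre-patch: both operands are 32-bit, so the product is computed as
 * unsigned int and wraps modulo 2^32 before being widened to size_t. */
size_t wrapped_size(uint32_t capacity, uint32_t struct_size)
{
    return capacity * struct_size;
}

/* Post-patch: multiply in size_t with an overflow check, as krealloc_array()
 * does via check_mul_overflow() (GCC/Clang builtin here), and refuse requests
 * the allocator could not serve instead of wrapping them. */
bool checked_size(uint32_t capacity, uint32_t struct_size, size_t *out)
{
    size_t n;
    if (__builtin_mul_overflow((size_t)capacity, (size_t)struct_size, &n)) return false;
    if (n > MAX_ALLOC_BYTES) return false;
    *out = n;
    return true;
}

static bool grow(struct vec *v, uint32_t capacity, size_t bytes)
{
    void *p = realloc(v->container, bytes);
    if (!p) return false;
    v->container = p;
    v->alloc_bytes = bytes;
    v->capacity = capacity;  /* recorded even when bytes wrapped: the bug */
    return true;
}

bool reserve_unsafe(struct vec *v, uint32_t capacity)
{
    if (capacity <= v->capacity) return true;
    return grow(v, capacity, wrapped_size(capacity, v->struct_size));
}

bool reserve_safe(struct vec *v, uint32_t capacity)
{
    size_t bytes;
    if (capacity <= v->capacity) return true;
    if (!checked_size(capacity, v->struct_size, &bytes)) return false;
    return grow(v, capacity, bytes);
}

/* Append trusts capacity, as the driver's append does. Returns 0 on success,
 * 1 when capacity is exhausted, -1 when the write would land past the bytes
 * actually allocated; that out-of-bounds write is detected, not performed. */
int append(struct vec *v, const void *elem)
{
    size_t off = (size_t)v->count * v->struct_size;
    if (v->count >= v->capacity) return 1;
    if (off + v->struct_size > v->alloc_bytes) return -1;
    memcpy(v->container + off, elem, v->struct_size);
    v->count++;
    return 0;
}

/* Reserve `capacity` elements, then append `n`; returns 2 if reserve refused. */
int scenario(bool (*reserve)(struct vec *, uint32_t), uint32_t struct_size,
             uint32_t capacity, uint32_t n)
{
    struct vec v = { .struct_size = struct_size };
    uint8_t elem[64] = { 0 };
    int rc = 2;
    if (reserve(&v, capacity)) {
        rc = 0;
        for (uint32_t i = 0; i < n && rc == 0; i++)
            rc = append(&v, elem);
    }
    free(v.container);
    return rc;
}

int main(void)
{
    /* 0x40000001 * 4 = 0x100000004, which wraps to 4 in 32-bit arithmetic. */
    printf("wrapped size %zu, unsafe %d, safe %d, normal %d\n",
           wrapped_size(0x40000001u, 4), scenario(reserve_unsafe, 4, 0x40000001u, 2),
           scenario(reserve_safe, 4, 0x40000001u, 2), scenario(reserve_safe, 4, 8, 8));
    return 0;
}
```

Compile with gcc or clang. The unsafe path reserves 0x40000001 four-byte elements, receives a 4-byte buffer because the product wrapped, and the second append would already write past it; the safe path refuses the reservation and the caller sees a clean failure. On a 64-bit build the size_t product does not overflow, so the rejection comes from the allocator limit rather than the overflow check; that mirrors krealloc_array() on a 64-bit kernel, where the correctly computed but oversized request is refused by the allocator instead of being shrunk by a wrap.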
Affected Systems
All Linux systems running the unpatched amdgpu display driver are affected. Every kernel release that carries the original dal_vector_reserve() implementation, that is, any version before the commit that replaced its krealloc() call with krealloc_array(), contains the flaw; distributions that ship an upstream kernel without backporting this patch are therefore vulnerable. To check a given tree, confirm that dal_vector_reserve() calls krealloc_array() rather than krealloc(). In practice the code is only exercised when the amdgpu driver is bound to an AMD GPU with display support, so hosts without such hardware carry the bug but do not reach it.
Risk and Exploitability
No CVSS or EPSS score has been published and the flaw is not listed in the CISA KEV catalog, but kernel-space heap corruption warrants treating it as moderate to high risk until a score is assigned. Triggering the bug requires reaching a vector append with a capacity large enough to wrap the 32-bit size computation, which implies a local execution context that can drive the display driver, for example by supplying malicious firmware or by abusing existing driver functionality; no remote vector is described. Successful exploitation would give an attacker a write beyond a kernel heap allocation, which can lead to privilege escalation or to a denial of service through a kernel crash. The advisory does not describe a concrete attack vector, so the flaw should be handled as a local kernel privilege escalation risk; the remediation is to run a kernel that includes the krealloc_array() fix.
OpenCVE Enrichment