CVE-2023-53816
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: fix potential kgd_mem UAFs
kgd_mem pointers returned by kfd_process_device_translate_handle are only guaranteed to be valid while p->mutex is held. As soon as the mutex is unlocked, another thread can free the BO.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free vulnerability in the Linux kernel's AMD KFD driver allows local privilege escalation when a kgd_mem pointer is accessed after its mutex is released.
Vulnerability
CVE-2023-53816 is a use-after-free (UAF) vulnerability in the Linux kernel's AMD KFD (Kernel Fusion Driver) component. The root cause is that kgd_mem pointers returned by kfd_process_device_translate_handle are only guaranteed to be valid while the process mutex (p->mutex) is held. Once the mutex is unlocked, another thread can free the buffer object (BO), leading to a dangling pointer [1].
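The lifetime rule described above, as a single-threaded userspace model in C. This is an added example, not kernel code and not the upstream patch. The pool, the atomic_flag standing in for p->mutex, and every function name are assumptions made for illustration, and the second thread's free is simulated by a direct call at the point where that thread could run.

```c
/* Userspace model of the kgd_mem lifetime rule. Constructed for illustration:
 * the pool, lock and function names are hypothetical, not kernel code. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

struct bo { int live; unsigned long size; };    /* stands in for kgd_mem */
static struct bo pool[4];                       /* per-process handle table */
static atomic_flag p_mutex = ATOMIC_FLAG_INIT;  /* stands in for p->mutex */
static int  try_lock(void) { return !atomic_flag_test_and_set(&p_mutex); }
static void unlock(void)   { atomic_flag_clear(&p_mutex); }
void reset_pool(void) { for (int i = 0; i < 4; i++) pool[i] = (struct bo){1, 4096}; }

/* Caller must hold p_mutex; the pointer is valid only until unlock(). */
static struct bo *translate_handle(unsigned h) {
    return (h < 4 && pool[h].live) ? &pool[h] : NULL;
}

/* The free path of a second thread: it takes the same lock first. */
int other_thread_free(unsigned h) {
    if (h >= 4 || !try_lock()) return 0;  /* lock held elsewhere: free must wait */
    pool[h].live = 0;            /* models freeing the BO; slot kept for inspection */
    unlock();
    return 1;
}

/* Vulnerable shape: pointer dereferenced after the lock is dropped.
 * Returns 1 if the object was still live at the point of use, else 0. */
int use_after_unlock(unsigned h) {
    while (!try_lock()) { }
    struct bo *mem = translate_handle(h);
    unlock();
    other_thread_free(h);        /* race window: the free succeeds here */
    return mem && mem->live;     /* in the kernel, this read is the UAF */
}

/* Hardened shape: the lock covers every use of the pointer. */
int use_under_lock(unsigned h) {
    while (!try_lock()) { }
    struct bo *mem = translate_handle(h);
    other_thread_free(h);        /* same attempt is refused while locked */
    int ok = mem && mem->live;
    unlock();
    return ok;
}

int main(void) {
    reset_pool(); printf("after unlock: live=%d\n", use_after_unlock(1));
    reset_pool(); printf("under lock:   live=%d\n", use_under_lock(1));
}
```

The model marks a slot dead instead of calling free(), so the stale read is observable without undefined behaviour; in the kernel the same read would touch freed memory.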
Exploitation
An attacker with local access and the ability to execute code on the system can trigger this vulnerability by racing a memory allocation and deallocation in the KFD driver. The attack requires the ability to call the affected IOCTL functions, which keep using the kgd_mem pointer obtained from kfd_process_device_translate_handle after p->mutex has been unlocked. No special privileges beyond local user access are needed, but the attacker must be able to interact with the AMD GPU device [1].
Impact
Successful exploitation can lead to a use-after-free condition, which may allow an attacker to corrupt kernel memory, cause a denial of service, or potentially escalate privileges to root. The vulnerability is rated with a CVSS score of 7.8 (High) [1].
Mitigation
The fix is included in the Linux kernel stable updates that carry the patch commit. Users should apply the latest kernel updates from their distribution. No workaround is available; updating the kernel is the recommended mitigation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 3
5045360f3bb65ca14fb5552a9da050b0d9e0
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 3
News mentions: 0. No linked articles in our index yet.