CVE-2023-54150

The vulnerability is an out-of-bounds access in the Linux kernel's AMD graphics BIOS parser. The structure in atomfirmware.h defines an array hardcoded to eight elements, but firmware tables can supply larger arrays, causing the parser to read beyond the allocated buffer [1][2]. This issue was partially addressed by commit 4fc1ba4aa589, but two additional cases remained unfixed.

Exploitation requires a system with AMD graphics hardware and the malicious firmware data to be parsed. The attack surface may involve a local attacker with the ability to replace or modify firmware data, or a remote attacker if firmware loading occurs over a network. However, typical exploitation would require either physical access or a compromised boot chain to inject a crafted firmware table.

An out-of-bounds read could lead to information disclosure or memory corruption, potentially resulting in denial of service or privilege escalation. The exact impact depends on the kernel memory layout and the surrounding data.

The fix is included in the Linux kernel stable releases. Users are advised to apply kernel updates to mitigate the vulnerability. No workarounds are documented.