An integer-related bounds-checking error in the Linux kernel AMD KFD driver could allow an attacker to corrupt memory.

The vulnerability occurs in the debug address watch code, where a signed/unsigned integer mismatch in watch_id leads to improper bounds checking. This can be exploited by a local user with access to the KFD device to perform out-of-bounds operations.

Exploitation of this vulnerability could lead to local privilege escalation or a denial-of-service condition. The CVSS score of 7.8 indicates a high risk to systems utilizing AMD GPU hardware for compute or graphical tasks.

Immediate Action: Update the Linux kernel to the latest version to address the bounds-checking error in the AMD KFD driver.

Proactive Monitoring: Monitor for unusual activity or crashes associated with GPU compute tasks.

Compensating Controls: Restrict access to GPU device nodes to authorized users only to mitigate the risk of local exploitation.

Public Exploit Available: false

We recommend applying the kernel patch as soon as it becomes available for your distribution. Limiting access to the AMD KFD device interface is a necessary secondary control for high-security environments.