CVE-2024-41011: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.
AI Analysis
Technical Summary
CVE-2024-41011 is a vulnerability identified in the Linux kernel, specifically within the Direct Rendering Manager (DRM) subsystem related to AMD's Kernel Fusion Driver (amdkfd). The issue arises from improper handling of memory-mapped I/O (MMIO) regions when mapping the HDP (Host Data Path) flush registers using large page sizes. Normally, the GPU exposes a 4KB area of the register Base Address Register (BAR) space that can be remapped to allow userspace processes (either CPU or GPU) to flush the HDP when VRAM is updated. However, on systems that use page sizes larger than 4KB, the kernel incorrectly maps a PAGE_SIZE amount of MMIO space, which is larger than the intended 4KB. This results in exposing additional MMIO space beyond what is intended, potentially allowing unauthorized access or manipulation of GPU registers. The vulnerability stems from the kernel not calculating the correct offset when large pages are used, leading to an expanded MMIO mapping window.

Although no known exploits are currently reported in the wild, the flaw could be leveraged by a local attacker with access to userspace GPU interfaces to perform unauthorized register access, potentially leading to information disclosure, privilege escalation, or system instability.

The vulnerability affects Linux kernel versions identified by the commit hash d8e408a82704c86ba87c3d58cfe69dcdb758aa07 and similar builds. The flaw has been addressed by restricting the mapping of the MMIO HDP page to disallow large page mappings, ensuring only the intended 4KB area is exposed.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with AMD GPUs that utilize the amdkfd driver, especially those configured with large page sizes (>4KB). Potential impacts include unauthorized access to GPU registers by local users, which could lead to privilege escalation or unauthorized manipulation of GPU memory operations. This could compromise confidentiality and integrity of data processed or stored in GPU VRAM, and potentially affect system availability if exploited to cause crashes or instability. Organizations relying on Linux servers or workstations with AMD GPUs for critical workloads, including scientific computing, media processing, or virtualization, may face increased risk. The vulnerability could be exploited by malicious insiders or attackers who have gained limited access to the system, enabling them to escalate privileges or disrupt GPU operations. Given the widespread use of Linux in the European public sector, research institutions, and enterprises, the exposure could be significant if patches are not applied promptly. However, the lack of known exploits and the requirement for local access reduce the immediacy of the threat but do not eliminate the risk.
Mitigation Recommendations
European organizations should take the following specific actions:
1) Identify all Linux systems running kernels with the affected amdkfd driver versions, especially those using AMD GPUs and configured with large page sizes.
2) Apply the latest Linux kernel patches or updates that address CVE-2024-41011 as soon as they become available from trusted Linux distributions or upstream sources.
3) Restrict local user access to GPU device files and interfaces to trusted users only, minimizing the risk of exploitation by unauthorized users.
4) Monitor system logs and GPU-related kernel messages for unusual activity that could indicate attempts to exploit MMIO mappings.
5) For environments using virtualization or containerization, ensure that GPU passthrough or sharing configurations do not inadvertently expose vulnerable interfaces to untrusted tenants.
6) Consider disabling large page support for GPU MMIO mappings if feasible, or enforce strict memory mapping policies to prevent unauthorized large page mappings.
7) Maintain an inventory of GPU hardware and driver versions to facilitate rapid response to similar vulnerabilities in the future.
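A triage sketch for steps 1 and 3 above, added here as an example (it is not part of the original advisory or of any vendor tooling): it reports whether a host exposes the amdkfd interface, whether its base page size exceeds 4K, and whether the device node is accessible to all local users. It assumes the driver shows up as the `/sys/module/amdgpu` directory and the `/dev/kfd` node; the verdict strings are invented for this example, and the script cannot tell whether the running kernel already carries the fix.

```shell
#!/bin/sh
# Added example: triage one Linux host for exposure to CVE-2024-41011.
# Assumed paths; overridable so the logic can run against a constructed tree.
KFD_DEV="${KFD_DEV:-/dev/kfd}"
AMDGPU_SYSFS="${AMDGPU_SYSFS:-/sys/module/amdgpu}"

# Bytes of MMIO mapped beyond the intended 4K window for a base page size.
excess_mmio_bytes() {
    if [ "$1" -gt 4096 ]; then echo $(($1 - 4096)); else echo 0; fi
}

# True when "other" has read or write permission on the node.
node_world_accessible() {
    [ -e "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c8-9)" in
        --) return 1 ;;
        *)  return 0 ;;
    esac
}

# Prints one verdict (strings invented for this example).
triage() {
    page_size="$1"
    if [ ! -d "$AMDGPU_SYSFS" ] && [ ! -e "$KFD_DEV" ]; then
        echo "no-amdkfd"; return 0
    fi
    excess=$(excess_mmio_bytes "$page_size")
    if [ "$excess" -eq 0 ]; then
        echo "4k-pages"; return 0
    fi
    if node_world_accessible "$KFD_DEV"; then
        echo "verify-fix-and-restrict-node excess=$excess"
    else
        echo "verify-fix excess=$excess"
    fi
}

triage "$(getconf PAGESIZE)"
```

A `verify-fix` verdict means the host matches the preconditions in the description (amdkfd present, pages larger than 4K); whether the kernel is patched still has to be confirmed against the distribution's advisory.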
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-12T12:17:45.610Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9827c4522896dcbe1647
Added to database: 5/21/2025, 9:08:55 AM
Last enriched: 6/29/2025, 3:26:53 AM
Last updated: 8/5/2025, 2:50:15 AM