CVE-2021-4460
📋 TL;DR
This CVE describes an undefined behavior shift operation vulnerability in the AMD GPU kernel driver (drm/amdkfd) in the Linux kernel. When certain queue count functions return zero, a shift operation occurs with undefined behavior that could potentially lead to kernel memory corruption or crashes. Systems using AMD GPUs with the affected kernel driver are vulnerable.
💻 Affected Systems
- Linux kernel with AMD GPU driver (drm/amdkfd)
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential privilege escalation leading to full system compromise.
Likely Case
System instability, kernel crashes, or denial of service affecting GPU functionality.
If Mitigated
Minor performance impact or no effect if the vulnerable code path isn't triggered.
🎯 Exploit Status
Exploitation requires triggering specific GPU driver operations and understanding kernel memory layout.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 0c0356ef2498c1a250fe3846f30293f828737309 or later
Vendor Advisory: https://gitlab.freedesktop.org/drm/amd/-/issues/1472
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system. 3. Verify kernel version and that amdkfd module loads correctly.
🔧 Temporary Workarounds
Disable AMD GPU kernel driver
linuxPrevent loading of the vulnerable amdkfd kernel module
echo 'blacklist amdkfd' >> /etc/modprobe.d/blacklist-amdkfd.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Restrict local user access to systems with AMD GPUs
- Monitor system logs for kernel crashes or GPU driver errors
🔍 How to Verify
Check if Vulnerable:
Check if amdkfd module is loaded: lsmod | grep amdkfd AND check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits AND test GPU functionality remains stable📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- GPU driver error logs
- System crash dumps
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "amdkfd")🔗 References
- https://git.kernel.org/stable/c/0c0356ef2498c1a250fe3846f30293f828737309
- https://git.kernel.org/stable/c/1874b0ef1426b873de94c61861e38f29a8df714c
- https://git.kernel.org/stable/c/3fdc5182700910a685d23df57d65166e8556a266
- https://git.kernel.org/stable/c/50e2fc36e72d4ad672032ebf646cecb48656efe0
- https://git.kernel.org/stable/c/9069b1b542de8f3bbffef868aff41521b21485cf
