Linux Kernel NULL Pointer Dereference Vulnerability in DRM Subsystem

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically within the Qualcomm Snapdragon (MSM) DisplayPort (DP) implementation. This vulnerability arises during compliance testing, where a test case provides a valid Extended Display Identification Data (EDID) with a deliberately incorrect checksum. The issue occurs because the connector for the DP panel is not properly assigned, leading to a NULL pointer dereference when the test case is executed.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference error.

Reproduction

The vulnerability can be reproduced by running compliance test case 4.2.2.6, in which the DP panel presents a valid EDID with an intentionally bad checksum. During this test, the 'dp_panel_handle_sink_request()' function attempts to read the EDID checksum from the panel's connector; because the connector was never assigned, the read dereferences a NULL pointer.
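The failure mode described above, as an added user-space model (not code from the kernel or from this advisory). All struct and function names are hypothetical, and the read path that drops an EDID failing its checksum while keeping the raw checksum byte on the connector is an assumption. The guarded variant shows one defensive pattern, not the upstream fix.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define EDID_BLOCK 128

/* Hypothetical stand-ins for the driver's structures, not kernel definitions. */
struct model_connector { uint8_t real_edid_checksum; /* byte as read from sink */ };
struct model_panel {
    const uint8_t *edid;               /* NULL when the EDID failed validation */
    struct model_connector *connector; /* pointer the advisory says was never assigned */
};

/* An EDID block is valid when its 128 bytes sum to 0 modulo 256. */
static int edid_block_valid(const uint8_t *blk) {
    unsigned sum = 0;
    for (int i = 0; i < EDID_BLOCK; i++)
        sum += blk[i];
    return (sum & 0xff) == 0;
}

/* Read path (assumed): remember the raw checksum, drop an EDID that fails it. */
static void model_read_edid(struct model_panel *p, const uint8_t *blk) {
    if (p->connector)
        p->connector->real_edid_checksum = blk[EDID_BLOCK - 1];
    p->edid = edid_block_valid(blk) ? blk : NULL;
}

/* Unguarded shape: dereferences connector whenever the EDID was rejected. */
static uint8_t checksum_unguarded(const struct model_panel *p) {
    return p->edid ? p->edid[EDID_BLOCK - 1] : p->connector->real_edid_checksum;
}

/* Guarded shape: returns -ENODEV instead of touching a NULL connector. */
static int checksum_guarded(const struct model_panel *p, uint8_t *out) {
    if (!p->edid && !p->connector)
        return -ENODEV;
    *out = p->edid ? p->edid[EDID_BLOCK - 1] : p->connector->real_edid_checksum;
    return 0;
}

int main(void) {
    uint8_t blk[EDID_BLOCK] = { 0x10 }, out = 0; /* constructed sample block */
    struct model_panel panel = { NULL, NULL };   /* connector left unassigned */
    blk[EDID_BLOCK - 1] = 0xAB;                  /* deliberately wrong checksum */
    model_read_edid(&panel, blk);
    printf("guarded rc=%d\n", checksum_guarded(&panel, &out));
    return 0;
}
```

With the connector assigned before the read, both variants return the raw checksum byte; only the unassigned case distinguishes them.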

Remediation

The vulnerability has been addressed in the official Linux kernel repository. Users should upgrade to the latest version where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.