Linux Kernel Virtio GPU NULL Pointer Dereference Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's virtio GPU driver. This issue arises in the 'virtio_gpu_conn_get_modes' function, where a NULL value may be returned by 'drm_cvt_mode'. The vulnerability was discovered using the syzkaller fuzzer, which forced a failure in memory allocation, leading to the NULL dereference. The issue has been observed in Linux kernel version 4.19.90.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash of the affected kernel module.

Reproduction

The vulnerability can be reproduced by injecting a fault that simulates a failure in memory allocation. This can be done using the 'FAULT_INJECTION' feature of the Linux kernel, which allows for the simulation of various types of failures. Once the fault is injected, the 'drm_mode_getconnector' ioctl can be called, which triggers the 'virtio_gpu_conn_get_modes' function. The injected fault will cause the function to dereference a NULL pointer, leading to a crash.