Linux Kernel Bridge Lifetime Management Vulnerability in DRM Component

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) component for Qualcomm's MSM graphics driver has been addressed. The issue arose because device-managed resources allocated after the component binding were not properly tied to the lifetime of the aggregate DRM device. This oversight could lead to resource leaks or failures when reattempting to bind the aggregate device, especially if a second allocation attempt was needed. In the case of DisplayPort (DP) bridges, previously allocated resources could leak if the probe was deferred. The vulnerability has been fixed by modifying the DP parser interface to align the lifetime of the bridge device with the DRM device, rather than the DP platform device.

Impact

The vulnerability could cause resource leaks or failures in binding the aggregate DRM device, particularly after a deferred probe, leading to issues in managing DisplayPort bridges.

Remediation

Users can upgrade to the latest version of the Linux kernel to address this vulnerability.