Linux Kernel Null Pointer Dereference Vulnerability in DRM Bridge Megachips Component

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's DRM bridge component for Megachips devices, specifically in the GE-B850V3 firmware driver. The fault occurs when the module is removed and results in a general protection fault. The underlying problem is that the two bridges the driver manages, STDP2690 and STDP4028, are not initialized together: one may have been probed while the other has not. When the module is then unloaded, the driver attempts to remove an object that was never initialized, dereferencing a null pointer. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a general protection fault, caused by a null pointer dereference, which can disrupt system operations and potentially be exploited to execute arbitrary code.

Reproduction

To reproduce this vulnerability, load the Megachips GE-B850V3 firmware driver, which manages the STDP2690 and STDP4028 bridges. After the driver is loaded, remove the module without ensuring that both bridges have been properly initialized. This sequence will trigger the null pointer dereference, as the driver will attempt to remove a bridge that has not been probed, leading to a general protection fault.
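The following user-space C program is an added illustration and is not code from the kernel driver or from the advisory. It models the lifetime problem described above: a driver object shared by two chips (called client A and client B here, standing in for the two bridges; all names and the probe/remove API are assumptions for this model) is created on the first probe, the combined bridge is registered only once both clients have probed, and each remove guards against the partner never having probed or having already torn the object down. An unguarded remove is included for contrast so the defect is visible next to the fix; the guarded one is what the scenario exercises.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a shared per-device object, not the driver's real struct. */
struct shared_ctx {
    int probed_mask;        /* bit 0: client A probed, bit 1: client B probed */
    int bridge_registered;  /* 1 once both halves are present and the bridge is up */
};

#define CLIENT_A 0x1
#define CLIENT_B 0x2

static struct shared_ctx *shared;  /* the pointer that is NULL when only one half probed */
static int register_events;        /* register = +1, unregister = -1; must end at 0 */

/* Probe for either client. Allocates the shared object on first use and
 * registers the combined bridge only when both clients are present. */
int client_probe(int which)
{
    if (!shared) {
        shared = calloc(1, sizeof(*shared));
        if (!shared)
            return -1;  /* analogue of -ENOMEM */
    }
    shared->probed_mask |= which;
    if (shared->probed_mask == (CLIENT_A | CLIENT_B) && !shared->bridge_registered) {
        shared->bridge_registered = 1;
        register_events++;
    }
    return 0;
}

/* Defective shape: assumes the shared object exists. If this client is
 * removed while its partner never probed, 'shared' is NULL and this
 * dereference faults, which is the bug class the advisory describes. */
int client_remove_unguarded(int which)
{
    shared->probed_mask &= ~which;
    return 0;
}

/* Guarded remove: tolerates a missing shared object and a client that
 * never probed, unregisters the bridge once, and frees the object only
 * when the last client goes away. */
int client_remove(int which)
{
    if (!shared || !(shared->probed_mask & which))
        return 0;  /* nothing to tear down for this client */
    if (shared->bridge_registered) {
        shared->bridge_registered = 0;
        register_events--;
    }
    shared->probed_mask &= ~which;
    if (shared->probed_mask == 0) {
        free(shared);
        shared = NULL;
    }
    return 0;
}

/* Small accessors so the state can be checked from outside. */
int shared_alive(void)     { return shared != NULL; }
int bridge_registered(void){ return shared != NULL && shared->bridge_registered; }
int register_balance(void) { return register_events; }

int main(void)
{
    /* Scenario from the advisory: only one half probes, then the module is removed. */
    client_probe(CLIENT_A);
    client_remove(CLIENT_B);  /* partner never probed: must be a no-op, not a fault */
    client_remove(CLIENT_A);
    printf("partial probe handled, object alive=%d\n", shared_alive());

    /* Normal lifecycle in the opposite probe order. */
    client_probe(CLIENT_B);
    client_probe(CLIENT_A);
    printf("bridge registered=%d\n", bridge_registered());
    client_remove(CLIENT_A);
    client_remove(CLIENT_B);
    printf("object alive=%d, register balance=%d\n", shared_alive(), register_balance());
    return 0;
}
```

The point of the guarded version is that removal order and probe order are independent events: each remove must be correct for every combination of "partner probed / partner did not probe / partner already removed", so the only safe design keys every teardown step off state that is known to exist rather than off an assumption that both halves came up.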

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Sep 15, 2025, 6:40 PM
Updated: Sep 15, 2025, 6:40 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.