Linux Kernel Memory Corruption Vulnerability in DRM MSM DisplayPort Handling

A memory corruption vulnerability has been addressed in the Linux kernel's Direct Rendering Manager (DRM) for the Qualcomm MSM graphics driver. This issue arises from the handling of DisplayPort (DP) bridges, where the absence of a proper sanity check on the bridge counter can lead to data corruption. The vulnerability is present in versions of the Linux kernel that include the problematic bridge mechanism for DisplayPort management.

Impact

Exploitation of this vulnerability could lead to memory corruption, potentially allowing for arbitrary code execution or causing a system crash.

Reproduction

The vulnerability can be reproduced by configuring a DisplayPort device with more than eight bridges. The missing sanity check on the bridge counter will cause data to be written beyond the bounds of the fixed-size bridge array, leading to memory corruption.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.